ASA + DHCP Server behind NAT

Unanswered Question
May 30th, 2008

Hi all,

Is there a fixup in the ASA that allows running a DHCP server inside a NATed ASA?

Here is the scenario:

- Windows DHCP server on the inside
- DHCP client on the outside
- The DHCP server is translated on the outside
- ip helper-address pointing to the translated IP address of the server

What we observe is the following:

When the DHCP broadcast occurs, the DHCP request is forwarded to the helper address and the server leases an IP address. In the offer the server also includes its own (real) IP

Now the client has an IP, but when it tries to renew, it makes a unicast DHCP call (udp 67) to the server using the real IP of the server, so the renew fails.

So I would like to know if there is a fixup in the ASA that would change the DHCP server IP address for its translated value in the DHCP offer.

In other words, is there an equivalent of the DNS reply modification, but for DHCP?

Something like:

static (inside,outside) netmask dhcp



I have the same problem, and I agree that a "fixup" option in the ASA would be useful.

However, I found that one solution was to use a special DHCP option 54 (Server Identifier) for the particular DHCP scope. This allows the server to masquerade behind the WAN address, and thus enables the DHCP client to communicate with the DHCP server via unicast.

Hope this helps someone other than me.
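
A way to confirm the option 54 change from a packet capture, as an added example that is not part of the original posts: it parses the options of a DHCPOFFER payload and checks whether the Server Identifier carries the translated address. The addresses and the `build_offer` helper are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 marker that precedes the options field
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255

def parse_options(bootp: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP payload (the UDP data)."""
    if len(bootp) < 240 or bootp[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short or missing magic cookie)")
    opts, i = {}, 240
    while i < len(bootp):
        code = bootp[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(bootp):
            raise ValueError("truncated option header")
        length = bootp[i + 1]
        value = bootp[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def server_id(bootp: bytes):
    """Dotted-quad Server Identifier (option 54), or None if absent or malformed."""
    raw = parse_options(bootp).get(OPT_SERVER_ID)
    return socket.inet_ntoa(raw) if raw and len(raw) == 4 else None

def renew_will_reach_server(bootp: bytes, translated_ip: str) -> bool:
    """True when option 54 is the translated address the outside client can reach."""
    return server_id(bootp) == translated_ip

def build_offer(server_ip: str) -> bytes:
    """Constructed minimal DHCPOFFER: zeroed fixed header plus options 53 and 54."""
    header = struct.pack("!BBBB", 2, 1, 6, 0) + bytes(232)   # op=BOOTREPLY, Ethernet
    options = (bytes([OPT_MSG_TYPE, 1, 2]) +
               bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_ip))
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

REAL_IP, TRANSLATED_IP = "10.0.0.10", "192.0.2.10"   # constructed sample addresses
if __name__ == "__main__":
    for label, ip in (("before", REAL_IP), ("after", TRANSLATED_IP)):
        offer = build_offer(ip)
        print(label, server_id(offer), renew_will_reach_server(offer, TRANSLATED_IP))
```

To use it on real traffic, pass the UDP payload of a captured offer to `renew_will_reach_server` together with the server's translated address.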

