Can an ASA 5520 assign multiple DHCP scopes?

May 7th, 2009

I am setting up an ASA to be a VPN box/router to connect to a remote hub site. This end has a few VLANs/IP networks associated with it and the network is not flat. Can I use subinterfaces to somehow make the ASA give out addresses on 3 different IP networks (and DHCP pools) on this end of the tunnel? I was at first thinking I could trunk in the 2 VLANs that are "nearby" and handle those that way, but the 3rd _routed_ network on the other side of campus may be more difficult. I know how IP helpers work, but I guess I'm not entirely sure how to make the ASA realize what network the DHCP request is coming from and which pool to assign it out of.


Scott

Correct Answer
Jon Marshall Thu, 05/07/2009 - 07:08
Scott


You can have multiple pools, but the clients must be on a directly attached network, so the trunked 2 VLANs would be fine but not the 3rd routed network.


Also, even though you can have multiple IP pools, settings such as DNS server, domain name etc. are configured globally, although this may not be an issue for you -


http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/dhcp.html#wp1058874


Jon
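
A sketch of the setup this answer describes, added here as an example and not configuration posted by anyone in the thread: the two trunked VLANs become ASA subinterfaces, each with its own pool bound to that interface, while DNS and domain name are set once globally. Interface names, VLAN IDs and all addresses are constructed for illustration.

```cisco
! Physical port carrying the 802.1Q trunk; no addressing on the parent
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! First directly attached VLAN (constructed VLAN ID and subnet)
interface GigabitEthernet0/1.10
 vlan 10
 nameif vlan10
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
! Second directly attached VLAN (constructed VLAN ID and subnet)
interface GigabitEthernet0/1.20
 vlan 20
 nameif vlan20
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
! One pool per interface: the pool is chosen by the interface the
! request arrives on, which is why clients must be directly attached
dhcpd address 192.168.10.50-192.168.10.200 vlan10
dhcpd enable vlan10
dhcpd address 192.168.20.50-192.168.20.200 vlan20
dhcpd enable vlan20
!
! Configured globally, so both pools hand out the same values
dhcpd dns 192.168.10.5
dhcpd domain example.local
!
! The third, routed network has no ASA interface in its subnet,
! so no pool can be bound to it here
```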

scottbob09 Thu, 05/07/2009 - 07:19
Right....


So the router (option 3) would be a problem.


humph

Jon Marshall Thu, 05/07/2009 - 07:23
Yes it would.


Not ideal, but for the 3rd network could you not just use the router to hand out IPs?


Jon

scottbob09 Thu, 05/07/2009 - 07:24
Yeah I was just thinking I could use the 6509 up there to hand them out. Not something we typically do, but it could be just fine. Of course since there is just going to be 1 phone and 1 PC piggybacked up there, I can just do static and KISS. :)


Scott
