dhcp server and dhcp client betwen VPN tunnel end points

arumugasamy · ‎04-06-2010

Hi,

We have established LAN-LAN tunnel between ASA HQ and 827 Branch.The dhcp server behind ASA HQ firewall and the clients behind the Branch 827 router. How to configure both the devices to enable the clients to get dynamic IP addresss fron the dhcp server located behind ASA HQ firewall.

Thx

samy

Federico Coto Fajardo · ‎04-06-2010

Hi,

You can use the DHCP relay function on the router and include the public's IP of the ASA in the interesting traffic (ASA as DHCP server).

Federico.

arumugasamy · ‎04-06-2010

Thx for your reply.

I am not using ASA as dhcp server. WIN2k server located behind ASA (inside segment) at HQ. I made home lab and tested the same scenarios working with only ip helper address configured on Branch router client facing interface. I did not do any other configuration on HQ firewall.

Thx

samy

Federico Coto Fajardo · ‎04-07-2010

If a computer behind the branch router attempts to contact the DHCP it will send a broadcast.

The router (with the ip helper command) will turn that broadcast into unicast directly to the IP of the DHCP server (Server behind the ASA).

Maybe this is happening while the VPN tunnel is down and that's why it is not working.

Try the following...

1. Make one computer contact the DHCP again while the tunnel is up.

2. Include the public IP of the branch router and the IP of the DHCP server in the interesting traffic so that the DHCP request will bring up the tunnel.

Federico.