04-06-2010 06:34 AM - edited 03-11-2019 10:29 AM
Hi,
We have established a LAN-LAN tunnel between ASA HQ and 827 Branch. The DHCP server is behind the ASA HQ firewall and the clients are behind the Branch 827 router. How do we configure both devices to enable the clients to get dynamic IP addresses from the DHCP server located behind the ASA HQ firewall?
Thx
samy
04-06-2010 12:38 PM
Hi,
You can use the DHCP relay function on the router and include the public IP of the ASA in the interesting traffic (ASA as DHCP server).
Federico.
04-06-2010 08:30 PM
Thx for your reply.
I am not using the ASA as the DHCP server. The WIN2k server is located behind the ASA (inside segment) at HQ. I made a home lab and tested the same scenario working with only ip helper address configured on the Branch router's client-facing interface. I did not do any other configuration on the HQ firewall.
Thx
samy
04-07-2010 06:33 AM
If a computer behind the branch router attempts to contact the DHCP it will send a broadcast.
The router (with the ip helper command) will turn that broadcast into unicast directly to the IP of the DHCP server (Server behind the ASA).
Maybe this is happening while the VPN tunnel is down and that's why it is not working.
Try the following...
1. Make one computer contact the DHCP again while the tunnel is up.
2. Include the public IP of the branch router and the IP of the DHCP server in the interesting traffic so that the DHCP request will bring up the tunnel.
Federico.