Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA + DHCP Server behind NAT

Hi all,

Is there a fixup in ASA that allows to run a DHCP server inside a NATed ASA.

Here is the scenario;

-Windows DHCP server on the inside

-DHCP client on the oustide

-The DHCP server is translated on the outside

-ip helper-address pointing to the translated IP address of the server

What we observe is the following;

When the DHCP broadcast occurs , the DHCP request is forwarded to the helper address and

the server leases an IP address . In the offer the server also includes it's own (real) IP


Now the clients have an IP , but when it tries to renew, it makes a unicast DHCP call

(udp 67) to the server using the real IP of the server , so the renew fails.

So i would like to know if there is a fixup in the ASA , that would change the DHCP server

IP address for it's translated value in the DHCP offer.

In other words, is there an equivalent of the dns reply modification , but for DHCP.

something like;

static (inside,outside) netmask dhcp



Re: ASA + DHCP Server behind NAT

Have a look at this this Cisco ASA 5500 Series Adaptive Security Appliances Configuration guide. For your setups.

New Member

I have the same problem, and

I have the same problem, and I agree that a "fixup" option in the ASA would be useful.

However, I found that one solution was to use a special DHCP option 54 (Server Identifier) for the particular DHCP scope. This allows the server to masquerade behind the WAN address, and thus enables the DHCP client to communicate with the DHCP server via unicast.

Hope this helps someone other than me.

CreatePlease to create content