I have an ASA-5505 with 3 vlans: outside, inside1, and inside2. I'd like DHCP requests from inside1 and inside2 to go to different DHCP servers, depending on which interface the requests are received on. It would be the equivalent of issuing ip helper-address commands on two different router interfaces. It doesn't appear to be possible on the ASA-5505. Is that really correct??? If so, then do any of the other ASA models provide this capability?
Thanks, I know about dhcp relay -- this is exactly what I'm trying to use. But I want to relay to two different dhcp servers - one for dhcp requests on vlan1, one for dhcp requests on vlan2. If I understand how the ASA works, it will forward all packets from all vlans on which dhcp relay is enabled to ALL of the dhcp relay servers that are configured.
All the ASA is doing is just relaying the DHCP request between client and server. When the DHCP relay agent on the ASA appliance receives a DHCP request from a host on one of its interfaces, it will forward the request to one of the specified DHCP servers on an interface the servers are behind. When the DHCP server replies to the client, the security appliance forwards that reply back.
To answer your question: just make sure that both DHCP servers are set up on the ASA, for example, if the servers are behind the inside interface, "dhcprelay server **** inside", and make sure the servers are set up with the correct DHCP scope for vlan1 and vlan2. When the request is sent from the ASA to the DHCP server, as long as the server has a DHCP scope for the correct vlan, it will respond back with an IP address to the ASA and the ASA will relay it to the client.
That makes sense, thank you very much. If I understand correctly: as long as the ASA 5505 is compliant with RFC 1542, it will substitute its own gateway address into the dhcp request packet before it forwards it to the dhcp servers.
Then when the dhcp servers receive the request, they will know whether they need to reply with an address based on whether they have a dhcp scope configured that corresponds to the relay address provided in the request (assuming the dhcp servers are also RFC compliant and don't just blindly reply to all dhcp requests).
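The giaddr mechanism discussed in this thread, as an added example that is not part of any poster's reply and is not ASA code: a relay fills `giaddr` with the address of the interface the request arrived on (RFC 1542), forwards the packet to every configured server, and each server answers only if it has a scope covering that `giaddr`. The interface addresses, server names, scopes and leases are constructed, and forwarding to all servers follows the behaviour assumed in the thread.

```python
import ipaddress
import struct

# BOOTP fixed header (RFC 951 / RFC 1542): op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes).
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
HOPS, GIADDR = 3, 10          # field positions in the unpacked tuple
ZERO = bytes(4)

def client_discover(xid, mac):
    """BOOTREQUEST as a client broadcasts it: giaddr is all zeros."""
    return BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000,
                      ZERO, ZERO, ZERO, ZERO, mac, b"", b"")

def relay(packet, ingress_ip):
    """Relay step: set giaddr to the receiving interface's address only if
    it is still zero, and increment hops."""
    fields = list(BOOTP.unpack(packet))
    if fields[GIADDR] == ZERO:
        fields[GIADDR] = ipaddress.IPv4Address(ingress_ip).packed
    fields[HOPS] += 1
    return BOOTP.pack(*fields)

def server_offer(packet, scopes):
    """Server step: pick the scope whose subnet contains giaddr.
    Returns None (no reply) when no scope matches."""
    giaddr = ipaddress.IPv4Address(BOOTP.unpack(packet)[GIADDR])
    for subnet, lease in scopes.items():
        if giaddr in ipaddress.ip_network(subnet):
            return lease
    return None

# Constructed sample data: one scope per server, one per inside vlan.
SERVERS = {
    "server_a": {"192.168.1.0/24": "192.168.1.100"},   # scope for inside1
    "server_b": {"192.168.2.0/24": "192.168.2.100"},   # scope for inside2
}

def simulate(ingress_ip):
    """Relay one discover received on ingress_ip to every server and
    collect each server's answer (None means it stayed silent)."""
    relayed = relay(client_discover(0x1234, bytes.fromhex("02005e100001")),
                    ingress_ip)
    return {name: server_offer(relayed, scopes)
            for name, scopes in SERVERS.items()}

if __name__ == "__main__":
    print("inside1:", simulate("192.168.1.1"))
    print("inside2:", simulate("192.168.2.1"))
```

A server with scopes for both subnets would answer both vlans, so the separation depends entirely on how the scopes are defined on each server.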