DHCP Relay from ASA5510 to Win 2008r2 - Not working

timboothby
Level 1

Hi,

I'm trying to set up an ASA5510 to relay DHCP requests to our Windows 2008 r2 DHCP server.

The DHCP server is on the inside network at 10.0.0.3 and has a scope set up for 10.0.50.0/24, address pool 10.0.50.50 - 10.0.50.100.

The clients are on vlan 2. These clients were working ok, able to access the internet etc when assigned an IP from the ASA's DHCP server (now disabled).   

interface Ethernet0/1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
!


interface Ethernet0/2.2
description Low access netowork for guest pcs allows internet access only
vlan 2
nameif VLAN2-GUESTS
security-level 1
ip address 10.0.50.1 255.255.255.0
!

 

Turning on DHCP debug logging, I can see that the DHCP requests are reaching the ASA and apparently being correctly relayed to 10.0.0.3

DHCPD: setting giaddr to 10.0.50.1.

dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.

DHCPRA: relay binding found for client 000e.7b7b.fce5.

DHCPD: setting giaddr to 10.0.50.1.

dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.

DHCPRA: relay binding found for client 000e.7b7b.fce5.

DHCPD: setting giaddr to 10.0.50.1.

dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.

DHCPRA: relay binding found for client 000e.7b7b.fce5.
DHCPD: setting giaddr to 10.0.50.1.
dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.
DHCPRA: relay binding found for client 000e.7b7b.fce5.
DHCPD: setting giaddr to 10.0.50.1.
dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.
DHCPRA: relay binding found for client 000e.7b7b.fce5.
DHCPD: setting giaddr to 10.0.50.1.
dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.
DHCPRA: relay binding found for client 000e.7b7b.fce5.

However, the ASA doesn't get a reply and the logs on the DHCP server show no address being leased. The ASA can ping 10.0.0.3, and I've tried disabling the Windows firewall on the DHCP server. The clients fail with a request timed out message. It seems that either the request isn't making it to the DHCP server, or the DHCP server is ignoring it. Between the ASA and the DHCP server there are just a couple of switches, no routers. If I set the inside interface to receive its IP by DHCP, it successfully gets one from another scope on the DHCP server.

So, I'm puzzled why this isn't working, it should be a simple setup. Can anybody help??

Thanks,


Tim

3 Replies

timboothby
Level 1

Ok, I figured this out.

I was using my production DHCP server for testing. This didn't have the ASA set as its default gateway, as the ASA is not in production yet. It looks like the DHCP reply is addressed back to 10.0.40.1 - i.e. the DHCP server must have a route to it.

Adding a static route on my Windows DHCP server resolved the problem

route ADD 10.0.40.0 MASK 255.255.255.0 10.0.0.1
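
The routing dependency described in this thread can be checked offline. The following is an added example, not code from the thread: it reads the relay address (giaddr) from the ASA debug lines posted in the question and tests whether the DHCP server's unicast reply to that address would be handed to the ASA inside interface. Both routing tables and the default gateway 10.0.0.254 are constructed for illustration.

```python
import ipaddress
import re

# ASA relay debug lines as posted in the question.
DEBUG = """\
DHCPD: setting giaddr to 10.0.50.1.
dhcpd_forward_request: request from 000e.7b7b.fce5 forwarded to 10.0.0.3.
DHCPRA: relay binding found for client 000e.7b7b.fce5.
"""

ASA_INSIDE = "10.0.0.1"  # inside interface address from the posted config

# Constructed server routing tables as (network, gateway) pairs.
# 10.0.0.254 is a hypothetical default gateway that is not the ASA.
ROUTES_BEFORE = [("10.0.0.0/24", "on-link"), ("0.0.0.0/0", "10.0.0.254")]
ROUTES_AFTER = ROUTES_BEFORE + [("10.0.50.0/24", ASA_INSIDE)]

def relay_facts(debug_text):
    """Return (giaddr, server) as strings, parsed from relay debug output."""
    giaddr = re.search(r"setting giaddr to (\d+(?:\.\d+){3})", debug_text)
    server = re.search(r"forwarded to (\d+(?:\.\d+){3})", debug_text)
    if not (giaddr and server):
        raise ValueError("no relay debug lines found")
    return giaddr.group(1), server.group(1)

def next_hop(routes, dest):
    """Longest-prefix match; returns the gateway, or None if no route matches."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_reaches_relay(routes, giaddr, relay_inside):
    """A relayed request is answered by unicast to giaddr (RFC 2131), so the
    server must route that address directly or via the relay's inside address."""
    return next_hop(routes, giaddr) in ("on-link", relay_inside)

if __name__ == "__main__":
    giaddr, server = relay_facts(DEBUG)
    for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        hop = next_hop(table, giaddr)
        ok = reply_reaches_relay(table, giaddr, ASA_INSIDE)
        print(f"{name}: reply to {giaddr} goes via {hop}; reaches relay: {ok}")
```
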

Hi

I am facing the same problem with DHCP. Please help us.

Hi,

Please share the issue in detail and provide the dhcprelay configuration from ASA.

As mentioned, check if the default route is present on DHCP server pointing towards ASA interface.

- Try taking dhcp debugs on ASA and provide the output here.

Regards,

Akshay Rastogi
