Cisco Support Community
New Member

Need to Enable DHCP relay

Hi team,

Need to enable DHCP relay on the firewall. The DHCP server is on the WTBB interface, and automatic IP assignment should happen on PCs behind the ODC_LEG interface.

Please help me to configure the same.

Configuration file attached.

Regards / Ramesh M

8 REPLIES
VIP Purple

Re: Need to Enable DHCP relay

You only need a small addition to your config:

asa(config)# dhcprelay server IP-OF-DHCP-SERVER WTBB

asa(config)# dhcprelay enable ODC_LEG

asa(config)# dhcprelay setroute ODC_LEG

More on the topic is found on the config-guide:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/dhcp.html#wp1041663

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

New Member

Re: Need to Enable DHCP relay

Hi,

Thanks for your reply.

I tried the same. It is not successful.

Because the WTBB segment will not accept the ODC_LEG segment directly. ODC_LEG is NATed with the WTBB interface.

global (WTBB) 1 interface

nat (ODC-LEG) 1 access-list ODC-ACCESS-IN

Will it work with this scenario or not?

Please suggest.

Regards / Ramesh M

VIP Purple

Re: Need to Enable DHCP relay

NAT is independent of DHCP-Relay.

Do the following debug and show what happens when a client requests an IP:

debug dhcprelay error 100

debug dhcprelay event 100


New Member

Need to Enable DHCP relay

Hi,

Please let me know if we need to allow any ports. Is it bidirectional or unidirectional?

Regards / Ramesh M

VIP Purple

Re: Need to Enable DHCP relay

No ports need to be opened. Have you run the debug to see what happens?

Purple

Need to Enable DHCP relay

Hi,

Your DHCP server will pick the correct scope based on the giaddr address, and this field will not be changed by NAT, so it should not pose any problem for allocation.

Can you either sniff on the DHCP server with Wireshark or do a capture on the ASA for the DHCP messages?

I see you have 2 capture ACLs for 10.101.150.112; is it the DHCP server?

Have you got logs on your server stating it is receiving a request ?

Regards

Alain

Don't forget to rate helpful posts.
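
The reply above rests on giaddr living in the DHCP payload rather than in the IP header that NAT rewrites. As an added example (not part of any post in this thread), this parser pulls giaddr out of a captured DHCP UDP payload and picks a scope from it; the function names are hypothetical and all addresses and the MAC are constructed sample values.

```python
import ipaddress
import struct

# Fixed BOOTP header (RFC 2131): 236 bytes, followed by the 4-byte magic cookie.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
COOKIE = bytes([99, 130, 83, 99])


def parse_dhcp(payload):
    """Return op, hops, xid, giaddr, client MAC and message type from a DHCP UDP payload."""
    if len(payload) < BOOTP.size + len(COOKIE) or payload[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    op, _, hlen, hops, xid, _, _, _, _, _, giaddr, chaddr, _, _ = BOOTP.unpack_from(payload)
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end of options
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):   # DHCP message type
            msg_type = payload[i + 2]
        i += 2 + length
    return {"op": op, "hops": hops, "xid": xid,
            "giaddr": ipaddress.IPv4Address(giaddr),
            "mac": chaddr[:hlen].hex(":"), "msg_type": msg_type}


def pick_scope(payload, scopes, rx_subnet):
    """Choose a scope by giaddr; fall back to the receiving subnet when giaddr is zero."""
    giaddr = parse_dhcp(payload)["giaddr"]
    if giaddr == ipaddress.IPv4Address("0.0.0.0"):
        return rx_subnet                               # not relayed: local broadcast
    return next((s for s in scopes if giaddr in s), None)   # None = no matching scope


def sample_discover(giaddr):
    """Constructed DHCPDISCOVER as a relay would forward it (all values made up)."""
    mac = bytes.fromhex("020000000001")
    hdr = BOOTP.pack(1, 1, 6, 1, 0x1234ABCD, 0, 0, bytes(4), bytes(4), bytes(4),
                     ipaddress.IPv4Address(giaddr).packed, mac, b"", b"")
    return hdr + COOKIE + bytes([53, 1, 1, 255])


if __name__ == "__main__":
    scopes = [ipaddress.ip_network("198.51.100.0/24"), ipaddress.ip_network("203.0.113.0/24")]
    pkt = sample_discover("198.51.100.1")
    print(parse_dhcp(pkt), pick_scope(pkt, scopes, ipaddress.ip_network("192.0.2.0/24")))
```

A `None` result from `pick_scope` corresponds to a server that receives the relayed request but has no scope covering the relay's address.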
New Member

Need to Enable DHCP relay

Hi,

I configured the same DHCP server in another ASA and it is working fine. I have created a bidirectional access list, from the ODC segment to WTBB and vice versa. Without the policy it's not working.

The DHCP server is located in the low security level.

But here I can't create WTBB to ODC_LEG, because ODC_LEG is NATed to the WTBB interface.

I checked the ASA logs. The ASA is receiving the DHCP request from the PC and forwarding it to the DHCP server.

I checked the routing parts in the network.

Regards / Ramesh M

Purple

Need to Enable DHCP relay

Hi,

You don't need any policy for UDP return traffic, as it is inspected when leaving the higher-level interface and going out the lower-level one.

Can you perform a sniff on the DHCP server or capture traffic on the lower-level interface to see if you get replies from the server?

Regards

Alain

Don't forget to rate helpful posts.