Need to Enable DHCP relay

Ramesh M

Hi team,

Need to enable DHCP relay on the firewall... DHCP server is in WTBB interface and auto IP assigning should happen on PCs behind ODC_LEG interface.

Please help me to configure the same.

Configuration file attached.

Regards / Ramesh M


You only need a small addition to your config:

asa(config)# dhcprelay server IP-OF-DHCP-SERVER WTBB

asa(config)# dhcprelay enable ODC_LEG

asa(config)# dhcprelay setroute ODC_LEG

More on the topic is found on the config-guide:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/dhcp.html#wp1041663

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Hi ,

Thanks for your reply.

I tried the same. It was not successful.

Because the WTBB segment will not accept the ODC_LEG segment directly .. ODC_LEG is NAT with WTBB interface.

global (WTBB) 1 interface

nat (ODC-LEG) 1 access-list ODC-ACCESS-IN

Will it work with this scenario or not?

Please suggest.

Regards / Ramesh M

NAT is independent of DHCP-Relay.

Do the following debug and show what happens when a client requests an IP:

debug dhcprelay error 100

debug dhcprelay event 100

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Hi,

Please let me know if we need to allow any ports. Is it bidirectional or unidirectional?

Regards / Ramesh M

No ports need to be opened. Have you run the debug to see what happens?


Sent from Cisco Technical Support iPad App

Hi,

Your DHCP server will pick the correct scope based on the giaddr field, and this field will not be changed by NAT, so it should not pose any problem for allocation.

Can you either sniff on the DHCP server with Wireshark or do a capture on the ASA for the DHCP messages?

I see you have 2 capture ACLs for 10.101.150.112, is it the DHCP server?

Have you got logs on your server stating it is receiving a request ?

Regards

Alain

Don't forget to rate helpful posts.
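
The reply above rests on giaddr being a field inside the DHCP payload rather than the IP header, which is why translating the packet's source address leaves scope selection alone. The following Python script is an added example, not part of the original thread: it parses a DHCP payload exported from a capture, reports giaddr, and shows which scope that address falls into. The addresses, MAC and scope list are constructed sample values, and the function names are illustrative.

```python
import ipaddress
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header (RFC 2131)
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC_COOKIE = bytes([99, 130, 83, 99])
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP UDP payload and return the fields that matter for relay."""
    if len(payload) < BOOTP_LEN + 4 or payload[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(BOOTP_FMT, payload[:BOOTP_LEN])
    op, hlen, hops, xid, giaddr, chaddr = f[0], f[2], f[3], f[4], f[10], f[11]
    msg_type, i = None, BOOTP_LEN + 4
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1:               # option 53 = DHCP message type
            msg_type = MSG_TYPES.get(payload[i + 2], str(payload[i + 2]))
        i += 2 + length
    return {"op": op, "hops": hops, "xid": xid, "msg_type": msg_type,
            "giaddr": str(ipaddress.IPv4Address(giaddr)),
            "client_mac": chaddr[:min(hlen, 16)].hex(":")}

def select_scope(giaddr, scopes):
    """Return the scope that contains giaddr, or None if there is no match."""
    addr = ipaddress.IPv4Address(giaddr)
    if addr.is_unspecified:          # giaddr 0.0.0.0 means the request was not relayed
        return None
    return next((s for s in scopes if addr in ipaddress.IPv4Network(s)), None)

def build_sample(giaddr: str) -> bytes:
    """Constructed relayed DISCOVER (sample data, not taken from the thread)."""
    hdr = struct.pack(BOOTP_FMT, 1, 1, 6, 1, 0x1234ABCD, 0, 0x8000,
                      bytes(4), bytes(4), bytes(4), ipaddress.IPv4Address(giaddr).packed,
                      bytes.fromhex("020000000001") + bytes(10), bytes(64), bytes(128))
    return hdr + MAGIC_COOKIE + bytes([53, 1, 1, 255])

if __name__ == "__main__":
    info = parse_dhcp(build_sample("192.0.2.1"))     # giaddr = relay's client-side address
    print(info)
    print("scope:", select_scope(info["giaddr"], ["198.51.100.0/24", "192.0.2.0/24"]))
```

If giaddr in the capture at the server is 0.0.0.0 or falls outside every configured scope, the server has nothing to allocate from, whatever source address the packet arrived with.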

Hi,

I configured the same DHCP server in another ASA and it is working fine. I have created a bidirectional access list, from ODC segment to WTBB and vice versa. Without policy it's not working.

The DHCP server is located in low security level.

But here I can't create WTBB to ODC_LEG, because the ODC_LEG is NAT to WTBB interface.

I checked the ASA logs. ASA is receiving the DHCP request from PC and forwarded to DHCP server.

I checked the routing parts in the network.

Regards / Ramesh M

Hi,

You don't need any policy for UDP return traffic as it is inspected when leaving higher level interface and going out lower level one.

Can you perform a sniff on the DHCP server or capture traffic on lower level interface to see if you get replies from the server?

Regards

Alain

Don't forget to rate helpful posts.