Solved: permitting DHCP requests through PIX/ASA

vikram_anumukonda · ‎09-18-2008

Hello,

what are the exact ACL permit statements that i need to configure on my firewall if dhcp clients are residing on the inside network and DHCP server on the outside network, Assuming that i have access-group statments applied on both inside and outside interface in the inward direction.

satish_zanjurne · ‎09-19-2008

In routed firewall mode, broadcast and multicast traffic is blocked even if you allow it in an access list, including unsupported dynamic routing protocols and DHCP (unless you configure DHCP relay). Transparent firewall mode can allow any IP traffic through.

1.If you are not using ASA/PIX in transparent mode, then you need to make ASA/PIX as DHCP Relay Agent

dhcprelay server x.x.x.x outside

dhcprelay enable inside

dhcprelay setroute inside

2.If you are using AS/PIX in transparent mode then you need to basically allow UDP port 67 & 68

HTH..rate if helpfull...

View solution in original post

SirAdam_2 · ‎09-19-2008

Take a look here (Routed Mode / DHCP Relay):

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008075fcfb.shtml

View solution in original post

Syed Iftekhar Ahmed · ‎09-19-2008

ASA must be in transparent mode for DHCP requests to pass through

Following is an example to achieve what you are looking for

(DHCP SERVER: 10.10.10.10) ----- OUTSIDE(ASA)INSIDE ---DHCP Clients

Apply this on outside interface (bootpc = port67)

access-list 10 extended permit udp host 10.10.10.10 any eq bootpc

Apply this on Inside interface (bootps = port 68)

access-list 20 extended permit udp any any eq bootps

Thanks

Syed Iftekhar Ahmed

satish_zanjurne · ‎09-19-2008