
permitting DHCP requests through PIX/ASA

Hello,

What are the exact ACL permit statements that I need to configure on my firewall if the DHCP clients reside on the inside network and the DHCP server on the outside network, assuming that I have access-group statements applied on both the inside and outside interfaces in the inward direction?

Accepted Solutions

Re: permitting DHCP requests through PIX/ASA

In routed firewall mode, broadcast and multicast traffic is blocked even if you allow it in an access list, including unsupported dynamic routing protocols and DHCP (unless you configure DHCP relay). Transparent firewall mode can allow any IP traffic through.

1. If you are not using the ASA/PIX in transparent mode, then you need to make the ASA/PIX a DHCP relay agent:

dhcprelay server x.x.x.x outside

dhcprelay enable inside

dhcprelay setroute inside

2. If you are using the ASA/PIX in transparent mode, then you basically need to allow UDP ports 67 and 68.

HTH... rate if helpful...

3 REPLIES

Re: permitting DHCP requests through PIX/ASA

The ASA must be in transparent mode for DHCP requests to pass through.

The following is an example to achieve what you are looking for:

(DHCP SERVER: 10.10.10.10) ----- OUTSIDE(ASA)INSIDE ---DHCP Clients

Apply this on the outside interface (bootpc = port 67):

access-list 10 extended permit udp host 10.10.10.10 any eq bootpc

Apply this on the inside interface (bootps = port 68):

access-list 20 extended permit udp any any eq bootps

Thanks

Syed Iftekhar Ahmed
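
The following is an added example, not part of the original thread: a short Python model that evaluates the two ACL entries from the reply above (first match, then implicit deny) against a DHCP exchange arriving on the interface where each ACL is applied inbound. It assumes transparent mode as the reply states; the packet list and the unlisted server 10.10.10.99 are constructed for illustration.

```python
# Added example: first-match evaluation of the two ACL entries from the reply
# above against a DHCP exchange. Only 10.10.10.10 comes from the thread;
# every other address and the packet list are constructed.
from ipaddress import ip_address, ip_network

BOOTPS, BOOTPC = 67, 68  # IANA service names: bootps = 67/udp, bootpc = 68/udp

# (action, source network, destination network, destination port)
ACLS = {
    # access-list 10 extended permit udp host 10.10.10.10 any eq bootpc
    "outside": [("permit", "10.10.10.10/32", "0.0.0.0/0", BOOTPC)],
    # access-list 20 extended permit udp any any eq bootps
    "inside": [("permit", "0.0.0.0/0", "0.0.0.0/0", BOOTPS)],
}

# Constructed packets: (name, ingress interface, src ip, dst ip, dst port)
PACKETS = [
    ("DISCOVER", "inside", "0.0.0.0", "255.255.255.255", BOOTPS),
    ("OFFER", "outside", "10.10.10.10", "255.255.255.255", BOOTPC),
    ("REQUEST", "inside", "0.0.0.0", "255.255.255.255", BOOTPS),
    ("ACK", "outside", "10.10.10.10", "255.255.255.255", BOOTPC),
    ("OFFER from unlisted server", "outside", "10.10.10.99",
     "255.255.255.255", BOOTPC),
]


def evaluate(interface, src, dst, dport):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, src_net, dst_net, port in ACLS[interface]:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and dport == port):
            return action
    return "deny"  # an ACL with no matching entry ends in an implicit deny


def run():
    """Map each constructed packet name to the verdict of its ingress ACL."""
    return {name: evaluate(iface, src, dst, dport)
            for name, iface, src, dst, dport in PACKETS}


if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{name:28} {verdict}")
```

Because the outside entry names the server as a host source, a reply from any other outside address falls through to the implicit deny.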

