Transparent ASA5505 and dhcp relay

Roberto Kippins · ‎07-17-2013

Team,

I have another asa5505 configured transparently but i noticed that it does not pass dhcp by default how can i enable this feature firewall ip 10.200.200.50/24 dhcp server 10.200.200.1/24 also def gateway.

Karsten Iwen · ‎07-17-2013

add a line for dhcp to your access-list:

access-list ACL-CLIENTS permit udp any eq bootpc any eq bootps

access-list ACL-SERVER permit udp any eq bootps any eq bootpc

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Roberto Kippins · ‎07-17-2013

so i dont have to permit a specific ip for the dhcp server in the acl?

Karsten Iwen · ‎07-17-2013

no, you don't have to but you can if you want to have a tighter control. Using "any" for source and destination is quite common and much easier to implement.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Roberto Kippins · ‎07-24-2013

tried adding the access list didnt work

Karsten Iwen · ‎07-24-2013

what is your actual config?

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

cadet alain · ‎07-24-2013

Hi,

These are 2 ACLs, the first one should be applied inbound on the client-side interface and the other inbound on the server-side interface with the access-group "ACL name" in interface "interface name" command

Regards

Alain

Don't forget to rate helpful posts.