07-17-2013 11:09 AM - edited 03-11-2019 07:13 PM
Team,
I have another ASA 5505 configured transparently, but I noticed that it does not pass DHCP by default. How can I enable this feature? Firewall IP 10.200.200.50/24, DHCP server 10.200.200.1/24, also default gateway.
07-17-2013 11:44 AM
Add a line for DHCP to your access-list:
access-list ACL-CLIENTS permit udp any eq bootpc any eq bootps
access-list ACL-SERVER permit udp any eq bootps any eq bootpc
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
07-17-2013 01:02 PM
So I don't have to permit a specific IP for the DHCP server in the ACL?
07-17-2013 01:38 PM
No, you don't have to, but you can if you want to have tighter control. Using "any" for source and destination is quite common and much easier to implement.
07-24-2013 09:11 AM
Tried adding the access list, didn't work.
07-24-2013 10:00 AM
What is your actual config?
07-24-2013 01:34 PM
Hi,
These are 2 ACLs: the first one should be applied inbound on the client-side interface and the other inbound on the server-side interface, with the access-group "ACL name" in interface "interface name" command.
Regards
Alain
Don't forget to rate helpful posts.
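
The two ACLs from this thread bound to interfaces as described in the reply above, next to the tighter variant that names the DHCP server, as an added example that is not from any poster. The interface names `inside` (client side) and `outside` (server side) and the `-STRICT` ACL names are assumptions; 10.200.200.1 is the DHCP server address given in the question.

```cisco
! Added example, not from the thread.
! Assumed interface names: inside = client side, outside = DHCP-server side.

! --- Variant 1: the "any" form given in the thread ---
access-list ACL-CLIENTS extended permit udp any eq bootpc any eq bootps
access-list ACL-SERVER extended permit udp any eq bootps any eq bootpc

! --- Variant 2: tighter control, hypothetical ACL names ---
! Clients send DISCOVER/REQUEST from 0.0.0.0 to the broadcast address and
! renew by unicast to the server, so the source stays "any" and only the
! destination is restricted.
access-list ACL-CLIENTS-STRICT extended permit udp any eq bootpc host 255.255.255.255 eq bootps
access-list ACL-CLIENTS-STRICT extended permit udp any eq bootpc host 10.200.200.1 eq bootps
! Replies are accepted only from the known DHCP server; they may be
! broadcast or unicast to the client, so the destination stays "any".
access-list ACL-SERVER-STRICT extended permit udp host 10.200.200.1 eq bootps any eq bootpc

! An access-list does nothing until it is bound to an interface.
! Bind one pair or the other, inbound on each side:
access-group ACL-CLIENTS in interface inside
access-group ACL-SERVER in interface outside
! access-group ACL-CLIENTS-STRICT in interface inside
! access-group ACL-SERVER-STRICT in interface outside

! Every ACL ends in an implicit deny: once bound, it also needs permit
! lines for the other traffic that must cross the firewall.

! Verify the binding and watch the hit counters while a client requests a lease:
!   show running-config access-group
!   show access-list ACL-CLIENTS
!   show access-list ACL-SERVER
```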