Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Transparent ASA5505 and dhcp relay

Team,

I have another asa5505 configured transparently but i noticed that it does not pass dhcp by default how can i enable this feature firewall ip 10.200.200.50/24 dhcp server 10.200.200.1/24 also def gateway.

6 REPLIES
VIP Purple

Re: Transparent ASA5505 and dhcp relay

add a line for dhcp to your access-list:

access-list ACL-CLIENTS permit udp any eq bootpc any eq bootps

access-list ACL-SERVER permit udp any eq bootps any eq bootpc

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Transparent ASA5505 and dhcp relay

so i dont have to permit a specific ip for the dhcp server in the acl?

VIP Purple

Re: Transparent ASA5505 and dhcp relay

no, you don't have to but you can if you want to have a tighter control. Using "any" for source and destination is quite common and much easier to implement.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Transparent ASA5505 and dhcp relay

tried adding the access list didnt work

VIP Purple

Transparent ASA5505 and dhcp relay

what is your actual config?

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Purple

Transparent ASA5505 and dhcp relay

Hi,

These are 2 ACLs, the first one should be applied inbound on the client-side interface and the other inbound on the server-side interface with the access-group "ACL name" in interface "interface name" command

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
223
Views
0
Helpful
6
Replies