Hello, I'm a newbie with the ASA 5510 and I am trying to set up DHCP relay on this firewall.
I have the following configuration:
inside 10.0.0.1/255.0.0.0 security 100
outside xxx.yyy.zzz.uuu security 0
dmz 192.168.0.1/255.255.255.0 security 50
I have a DHCP Server running on the DMZ network. All clients on the inside network should receive an IP address from this server.
I enabled the DHCP relay function for the inside interface, and I put the server with the IP address 192.168.0.5 on the dmz interface in the server list.
So far I receive the DHCP discover on the DHCP server from the clients in the inside network. But I never get the DHCP offer on the client side. It seems the firewall is blocking all the DHCP request messages.
Is it necessary to put some rules on the inside and dmz interfaces to get the messages through the firewall? I thought the DHCP relay would handle all broadcast traffic without any rules.
Maybe someone can help me out with this and give me an example of how to set up the rules to make the DHCP relay work for this kind of setup?
I think you need to have NAT rules defined. Do you have some existing ACL rules on this ASA? Maybe they are conflicting with DHCP. Please get the syslog messages and see if they are being blocked, etc.
Thanks for the reply. I was playing a little bit with my lab environment and found out there is actually no NAT rule necessary for the DHCP relay. It seems the problem I have here has something to do with the Windows XP client, because my real lab environment contains the following parts.
I have a cable environment.
inside: cable modems which receive an IP address from the DHCP server in the dmz zone. Behind the cable modem I have client PCs which also receive an IP address from the DHCP server in the dmz zone.
dmz: DHCP server
As far as I could tell, when using just a laptop on the inside interface instead of a cable modem with a PC behind it, the DHCP messages were not working correctly through the firewall.
Back at work I set up just some ACLs without any NAT and the DHCP relay was working without any problem.
So I don't know exactly why my Windows XP laptop screwed up.
DHCP Relay on the ASA 5510 works fine for my cable environment so far, without any NAT. Just some ACLs for the UDP Broadcast Messages (DHCP and TFTP) are necessary.
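A worked ASA configuration for the setup in this thread, added here as an example and not taken from the original posts: the relay statements plus narrowly scoped ACLs for DHCP and TFTP. The ACL names inside_in and dmz_in, the 90-second relay timeout, and the verification commands at the end are assumptions, not something the poster showed.

```cisco
! Interfaces as described in the thread: inside (100), dmz (50), outside (0).
! DHCP server 192.168.0.5 sits on dmz; clients and cable modems sit on inside.

! --- DHCP relay: listen for client broadcasts on inside, forward to the server on dmz ---
dhcprelay server 192.168.0.5 dmz
dhcprelay enable inside
! Optional: rewrite the default-router option in the OFFER to the ASA's inside address
dhcprelay setroute inside
! Assumed value: how long the ASA waits for the server's reply
dhcprelay timeout 90
! The ASA cannot run its own DHCP server on an interface it relays for,
! so there must be no "dhcpd enable inside" in the config.

! --- ACLs (assumed names) ---
! The poster reports that ACLs for the DHCP and TFTP UDP traffic were needed in their
! environment. Scope them to those ports rather than permitting all UDP.
! Inbound on inside: client DHCP requests (UDP 67) and cable-modem TFTP to the server.
access-list inside_in extended permit udp any any eq bootps
access-list inside_in extended permit udp 10.0.0.0 255.0.0.0 host 192.168.0.5 eq tftp
access-list inside_in extended deny ip any any log
! Inbound on dmz: server replies come from UDP 67; they go to the relay (UDP 67)
! and, when forwarded, to the client (UDP 68). Nothing else from the server is needed here.
access-list dmz_in extended permit udp host 192.168.0.5 eq bootps 10.0.0.0 255.0.0.0 eq bootpc
access-list dmz_in extended permit udp host 192.168.0.5 eq bootps host 10.0.0.1 eq bootps
access-list dmz_in extended deny ip any any log

access-group inside_in in interface inside
access-group dmz_in in interface dmz

! --- Verification (assumed troubleshooting steps) ---
! Relay counters: discovers received, offers forwarded, and any dropped packets
show dhcprelay statistics
! Look for 106023 (packet denied by ACL) hits on UDP 67/68/69 if offers still do not arrive
show logging | include 106023
```

With the explicit deny-and-log lines at the end of each ACL, a blocked DHCP or TFTP packet shows up as a 106023 syslog entry naming the interface and ports, which is the check the first reply suggested.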