IPSec VPN + Centralised DHCP Server + Remote DHCP clients
I would like to know if the following scenario is possible or not.
There is an IPSec VPN between an ASA 5520 and another VPN device at a remote site. There is a central DHCP server in the INSIDE on the ASA. Now this ASA should release IP address to clients in the remote site located behind the VPN device at the other side. Is this possible?
DHCP uses broadcast and IPSec does not support broadcast or multicast. So is this scenario technically possible (using relay)?
An IPSec VPN tunnel only works with unicast traffic. It does not work with multicast or broadcast. But DHCP requires broadcast. The solution for this is GRE over IPSec. With a GRE over IPSec tunnel, multicast and broadcast are converted to unicast. So you can use a GRE tunnel between your VPN devices.
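The relay option raised in the question, sketched as an added example that is not part of the original thread: a DHCP relay agent on the remote LAN rewrites the client's broadcast DISCOVER into a unicast packet to the central server, and that unicast packet can be matched by an IPSec traffic selector. All addresses, the MAC and the function names are constructed for illustration.

```python
import ipaddress
import struct

BOOTREQUEST, DHCP_PORT, GIADDR = 1, 67, slice(24, 28)

def build_discover(xid, mac):
    """236-byte BOOTP header as the client broadcasts it (giaddr = 0.0.0.0)."""
    zero = b"\x00" * 4
    return struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                       BOOTREQUEST, 1, 6, 0,    # op, htype, hlen, hops
                       xid, 0, 0x8000,          # xid, secs, flags (broadcast bit)
                       zero, zero, zero, zero,  # ciaddr, yiaddr, siaddr, giaddr
                       mac, b"", b"")           # chaddr, sname, file (zero padded)

def relay(packet, relay_ip, server_ip, max_hops=16):
    """Relay-agent step: stamp giaddr, bump hops, re-send as unicast UDP 67."""
    if packet[0] != BOOTREQUEST or packet[3] >= max_hops:
        return None
    out = bytearray(packet)
    out[3] += 1
    if out[GIADDR] == b"\x00" * 4:
        out[GIADDR] = ipaddress.IPv4Address(relay_ip).packed
    return {"src": relay_ip, "dst": server_ip, "sport": DHCP_PORT,
            "dport": DHCP_PORT, "payload": bytes(out)}

def matches_selector(src, dst, local_net, remote_net):
    """True if src/dst fall inside an IPsec traffic selector (crypto ACL entry)."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(local_net)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(remote_net))

def demo():
    # Constructed addressing: remote LAN 192.168.50.0/24, central LAN 10.1.1.0/24.
    remote_lan, central_lan = "192.168.50.0/24", "10.1.1.0/24"
    discover = build_discover(0x1234ABCD, bytes.fromhex("020000000001"))
    raw = matches_selector("0.0.0.0", "255.255.255.255", remote_lan, central_lan)
    fwd = relay(discover, "192.168.50.1", "10.1.1.10")
    relayed = matches_selector(fwd["src"], fwd["dst"], remote_lan, central_lan)
    giaddr = str(ipaddress.IPv4Address(fwd["payload"][GIADDR]))
    # The server answers to giaddr, so the reverse selector must cover it too.
    reply = matches_selector("10.1.1.10", giaddr, central_lan, remote_lan)
    return raw, relayed, giaddr, reply

if __name__ == "__main__":
    print(demo())
```

The check worth carrying over to a real deployment is the last one: the relay's giaddr has to fall inside the protected networks on both peers, otherwise the server's reply never enters the tunnel.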