Cisco Support Community

IPSec VPN + Centralised DHCP Server + Remote DHCP clients

Hi,

I would like to know if the following scenario is possible or not.

There is an IPSec VPN between an ASA 5520 and another VPN device at a remote site. There is a central DHCP server in the INSIDE on the ASA. Now this ASA should release IP addresses to clients in the remote site located behind the VPN device at the other side. Is this possible?

DHCP uses broadcast and IPSec does not support broadcast or multicast. So is this scenario technically possible (using relay)?

Thanks and Regards

Sonu

3 REPLIES

Re: IPSec VPN + Centralised DHCP Server + Remote DHCP clients

IPSEC VPN Tunnel only works with Unicast traffic. It does not work on Multicast or Broadcast. But DHCP requires broadcast. The Solution for this is GRE over IPSEC. With GRE IPSEC Tunnel, Multicast and Broadcast are converted to Unicast. So you can use a GRE tunnel between your VPN devices.


Re: IPSec VPN + Centralised DHCP Server + Remote DHCP clients

The DHCP Offer is Layer 2. Since the ASA crypto ACL is all Layer 3, this won't work. You need an appliance that supports route-based VPNs.
