Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA Dynamic VPN and DHCP Relay - If this is possible, how to?

Hi Experts,

I've got an interesting setup to deploy that I've been struggling to implement yet.

First the picture, then the words follow:

ASA-5505.png

Specifications / Limitations:

1. Head Office: ASA-5512 running 8.4 and corporate data centre with DHCP central services.

2. I've been tasked to deploy a temporary kiosk or a whole branch site as per above topology

   2. a. No gurantee of a fixed IP to the outside of the ASA5505 branch router by ISP.

        b. SDSL may provide a possibility of a fixed static IP address.

3. I have managed to create a IPSEC VPN tunnel successfully by employing a dynamic crypto map on ASA 5512.

4. The requirement is that the DHCP server should be centralised and thus a DHCP relay needs to be setup on the inside of ASA5505.

It is the points 2.a and 4 which are stumbling me.

I have already gone through the following links:

https://supportforums.cisco.com/thread/221243

https://supportforums.cisco.com/thread/2054584

https://supportforums.cisco.com/thread/2058531

https://supportforums.cisco.com/thread/2170335

and of course

https://supportforums.cisco.com/docs/DOC-16314 and

http://www.cisco.com/en/US/products/ps12726/products_configuration_example09186a0080c144d0.shtml

If I have to meet the 4th condition, with the current setup, is it possible or will I have to stick with either a static IP address for my outside on the ASA5505 or may be setup the DHCP. Basically, I am questioning the credibility of the design and if this can somehow be achieved?

Thanks,

Sandeep

2 REPLIES
New Member

ASA Dynamic VPN and DHCP Relay - If this is possible, how to?

Hi Sandeep.  Did you ever figure this out?  I'm running into the exact same issue.

New Member

ASA Dynamic VPN and DHCP Relay - If this is possible, how to?

Hi Dan,

I read a lot about this. I've concluded it's not possible to implement this "reliably".

As you'll need to include dynamic ip address's entire prefix of the dynamic peer itself. I decided to explain to client that they'd have to settle for local dhcp.

Sorry.   

321
Views
0
Helpful
2
Replies
CreatePlease to create content