Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

dhcp relay in asa through vpn is not working

i have asa in ver 9.0.1 at the site and asa ver 8.2.5 at the center 

when configuring dhcprelay through site to site vpn its not working 

i can see at the center asa the broadcast packet and not the ip of the asa outside interface 

i saw that their is a bug in older version but we are not their 

using another fw instead of the asa at the site works fine 

Cisco Employee

Hi brinat,

Hi brinat,

I am not aware of any known issue with this type of configuration, can you share the tunnel configuration and the dhcp relay config as well?

This document explains all the configuration:

Hope this info helps!!

Rate if helps you!! 


Cisco Employee

Hi brinat      ,


the concept behind this to be working is pretty simple , we must understand the role of one of the ASA as DHCP relay agent .

From the ASA acting as a DHCP relay agent you should be able to ping the DHCP server from your inside interface , or the interface behind which the DHCP clients are so for example

ping inside , being DHCP server ip address . You just need to ensure that you have inside ip address and destination DHCP server ip address defined in the crypto access-list .

Once we have done that we are clear on crypto side of things and we then need to configure ASA as a DHCP client and the configuration is simple

dhcprelay server outside
dhcprelay enable inside

By doing that we are setting up ASA to act as a relay agent during DORA process (by the use of command :- dhcprelay enable inside) and also defining our DHCP server on outside (dhcprelay server outside)

To understand more on how DHCP server relay operation refer to the document

Hope that helps