Skip Links

Network World

Brad Reese

How to configure access lists in the Cisco ASA with multiple contexts to allow DHCP

By Brad Reese on Wed, 04/30/08 - 4:21am.

Cisco How-To Tutorials

DHCP relay is not supported in the Cisco ASA.

Due to this reason, you need to allow DHCP requests and replies through the Cisco security appliance in transparent mode.

This can be achieved by configuring access lists in the firewall.

Configure these two access lists in the Cisco ASA:

1. access-list extended udp any eq 67

This access list allows DCHP requests from the inside interface to the outside.

Apply this access list on the inside interface of the firewall.

2. access-list extended permit udp any eq 67

This access list allows the replies from the server in the other direction.

Apply this access list on the outside interface of the firewall.

If unable to specify a particular destination host due to the client broadcasting a DHCPDISCOVER request on port 68, you can use any any as a source and destination.

View more Cisco How-To Tutorials

Contact Brad Reese
http://www.BradReese.Com

Brad's Top 5 Story Picks
# 1. Cisco skills shortage is baloney, expert says
# 2. Q & A with the ex-Cisco star who joined ethernet fabric switching startup, Woven Systems
# 3. Earth Day message from BradReese.Com
# 4. Vyatta: Cisco's product line remains locked up tighter than Fort Knox
# 5. Help on the way for SMB telephony reseller margins being squeezed to death by Cisco
Story Archives Brad Reese on Cisco Story Archives

Cisco Jobs

Cisco Repair

Cisco Resumes

Cisco Power Supplies
  

"DHCP relay is not supported

0
By Anonymous (not verified) on Wed, 04/30/2008 - 8:24am.

"DHCP relay is not supported in the Cisco ASA."

You may want to have a look here:
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/df.html#wp1652623

Thank you for the link

0
By Brad Reese on Thu, 05/01/2008 - 8:05am.

Excellent.

Thank you for the link.

Sincerely and most gratefully yours,

Brad Reese
http://www.BradReese.Com

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Welcome, visitor. Register Log in
About Brad Reese on Cisco

Brad Reese cofounded BradReese.Com Cisco Refurbished, which enables affordable networks globally by assuring customer satisfaction with guaranteed one year warranties on both Cisco Repair as well as Refurbished Cisco.

Don't be shy, contact Brad Reese online or call him Toll Free:

866-864-0506

International callers may wish to call Brad by dialing:

850-364-4115

Archives
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
Categories
A classic scam to defraud Cisco's SMARTnet program
America's Best profile written by Useem regarding Chambers' success
Avian Securities Senior Telecom Research Analyst - Catharine Trebnick
Breakingviews.com correspondent - Robert Cyran
CCIE
Careers
Charlie Giancarlo - Managing Director of Silver Lake Partners and Skype investor
Cisco
Cisco ASR 9000 architecture
Cisco ISR G2 Module Support
Cisco Integrated Services Router Generation 2 (ISR G2) Model Comparison
Cisco Integrated Services Routers Generation 2 Portfolio
Cisco Unified Communications Support for Microsoft Windows 7
Cisco is pushing their ASR 9000 at very competitive prices
Cisco is warning Unified Communications customers about NOT successfully offering support for Microsoft Windows 7
Cisco technical star Jonathan Rosenberg
Cisco will have no liability for any delay in delivery
Data Center
Douglas Smith - Cofounder and President of Network Instruments
Expand visibility of NetFlow-dependent NBAD and compliance applications
GigaStor captures and converts packets in NetFlow data flows
Index Venture partner Danny Rimer
Jonathan Rosenberg - a Cisco Fellow in Cisco's Voice Technology Group
Juniper MX960 lab test results
LANs / WANs
Mark Roberts - Polycom vice president of partner marketing
Michael Useem - Professor of Management
Microsoft
NetFlow
NetFlow add-ons
NetFlow overhead can overtax infrastructure
Network Behavior Anomaly Detection (NBAD)
Network Management
Non-NetFlow capable devices are blind to local traffic
Produce NetFlow about any device
SMB
Security
Selection committee member for America's Best Leaders
September 2009 vs. October 2009 Worldwide CCIE Count Comparison
Silver Lake Managing Director - Egon Durban
Skype's cofounders Niklas Zennstrom and Janus Friis
Software
The Charlie angle is to keep Dave Roux on track
The new Cisco ISR G2 portfolio is priced as follows
VoIP / Convergence
What are the benefits of GigaStor NetFlow Agent?
What’s new on the Cisco ISR G2 models vs. the old ISR models?
Windows 7
Windows 7 just not worth an all-out urgent effort by Cisco to support
Wireless / Mobile
eBay CEO - John Donahoe
sFlow
sFlow and NetFlow provides extended visibility
On The Web
Twitter