Network World
Thursday, July 24, 2008
DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Brad Reese on Cisco

Cisco Subnet
NetworkWorld.com > Community > Brad Reese on Cisco

How to configure access lists in the Cisco ASA with multiple contexts to allow DHCP

Submitted by Brad Reese on Wed, 04/30/2008 - 12:21am.

Cisco How-To Tutorials

DHCP relay is not supported in the Cisco ASA.

Due to this reason, you need to allow DHCP requests and replies through the Cisco security appliance in transparent mode.

This can be achieved by configuring access lists in the firewall.

Configure these two access lists in the Cisco ASA:

1. access-list extended udp any eq 67

This access list allows DCHP requests from the inside interface to the outside.

Apply this access list on the inside interface of the firewall.
2. access-list extended permit udp any eq 67

This access list allows the replies from the server in the other direction.

Apply this access list on the outside interface of the firewall.

If unable to specify a particular destination host due to the client broadcasting a DHCPDISCOVER request on port 68, you can use any any as a source and destination.

View more Cisco How-To Tutorials

Contact Brad Reese
http://www.BradReese.Com

Brad's Top 5 Story Picks
# 1. Cisco skills shortage is baloney, expert says
# 2. Q & A with the ex-Cisco star who joined ethernet fabric switching startup, Woven Systems
# 3. Earth Day message from BradReese.Com
# 4. Vyatta: Cisco's product line remains locked up tighter than Fort Knox
# 5. Help on the way for SMB telephony reseller margins being squeezed to death by Cisco
Story Archives Brad Reese on Cisco Story Archives

Cisco Jobs

Cisco Repair

Cisco Resumes

Cisco Power Supplies
  

"DHCP relay is not supported

Useful answer?
0
Submitted by Anonymous (not verified) on Wed, 04/30/2008 - 5:24am.

"DHCP relay is not supported in the Cisco ASA."

You may want to have a look here:
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/df.html#wp1652623

Thank you for the link

Useful answer?
0
Submitted by Brad Reese on Thu, 05/01/2008 - 5:05am.

Excellent.

Thank you for the link.

Sincerely and most gratefully yours,

Brad Reese
http://www.BradReese.Com

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

About Brad Reese on Cisco

Brad Reese is research manager at BradReese.Com, advancing the careers of 1 million certified individuals in the growing Cisco Career Certification Program.

RSS feed

Contact him.

Brad's blogroll

Brad Reese on Cisco archive.

Cisco Subnet

Advertisement: