Skip Links

Go to page content
Go to site-wide navigation
Go to Contact Us page

Network World

Back to Cisco Subnet

Brad Reese on Cisco

by Brad Reese

Previous Article Next Article

How to configure access lists in the Cisco ASA with multiple contexts to allow DHCP

By Brad Reese on Wed, 04/30/08 - 4:21am.

Newsletter Signup

Share
Tweet This
Email this page
Comment
Print

DHCP relay is not supported in the Cisco ASA.

Due to this reason, you need to allow DHCP requests and replies through the Cisco security appliance in transparent mode.

This can be achieved by configuring access lists in the firewall.

Configure these two access lists in the Cisco ASA:

1.	access-list extended udp any eq 67

This access list allows DCHP requests from the inside interface to the outside.

Apply this access list on the inside interface of the firewall.

2. access-list extended permit udp any eq 67

This access list allows the replies from the server in the other direction.

Apply this access list on the outside interface of the firewall.

If unable to specify a particular destination host due to the client broadcasting a DHCPDISCOVER request on port 68, you can use any any as a source and destination.

View more Cisco How-To Tutorials

http://www.BradReese.Com


	Cisco skills shortage is baloney, expert says
	Q & A with the ex-Cisco star who joined ethernet fabric switching startup, Woven Systems
	Earth Day message from BradReese.Com
	Vyatta: Cisco's product line remains locked up tighter than Fort Knox
	Help on the way for SMB telephony reseller margins being squeezed to death by Cisco
	Brad Reese on Cisco Story Archives

Cisco Power Supplies

Tags

"DHCP relay is not supported

By Anonymous (not verified) on Wed, 04/30/2008 - 9:24am.

"DHCP relay is not supported in the Cisco ASA."

You may want to have a look here:
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/df.html#wp1652623

Email this comment

Thank you for the link

By Brad Reese on Thu, 05/01/2008 - 9:05am.

Excellent.

Thank you for the link.

Sincerely and most gratefully yours,

Brad Reese
http://www.BradReese.Com

Email this comment

Welcome, visitor. Register Log in

Advertisement:

About Brad Reese on Cisco

Brad Reese cofounded BradReese.Com Cisco Refurbished which offers one year warranties on Cisco Refurbished and Cisco Repair.

Contact Brad Reese

Contact Requires Login

Archives: July 2009; June 2009; May 2009; April 2009; March 2009; February 2009; January 2009; December 2008; November 2008; October 2008; September 2008; August 2008; July 2008; June 2008; May 2008; April 2008; March 2008; February 2008; January 2008; December 2007; November 2007; October 2007; September 2007; August 2007; July 2007; June 2007; May 2007; April 2007; March 2007; February 2007; January 2007

Categories: 1811 expands to 384Mbps of DRAM and 128Mbps of Flash; A UBS analyst is reporting that Cisco's losing market share across the board; A company's monthly network communications cost will be reduced; A government official in possession of a large corporate stockholding while that corporation is subject to administrative rulings by that same government official; Agito adds that its enterprise fixed mobile convergence (eFMC) platform enables low-cost in-building voice coverage; Agito introduced Agito for BlackBerry; Agito's BlackBerry smart phone functionality for Cisco VoIP; Agito's RIM BlackBerry support announcement; An assortment of communications companies; Apple iPhone 3G S; Apple will begin selling its new iPhone 3G S; Applying a Mask of 11111111.11111111.11111111.0000; Back in April the CCIE Security track changed; Before Cisco CTO Padmasree Warrior was hired by Cisco; Below are two addresses broken out from dotted decimal to binary and then redisplayed with dots separating octet boundaries; Bill Alderson - NetQoS Technology Consulting Officer; Black Hat attack on Cisco's network admission control (NAC); Boas also led an educational session at the Gartner Security Summit; Boas shares his insight on the most prevalent threats to the enterprise network; Brings enterprise VoIP over WiFi for dual-mode BlackBerry smartphones; Careers; Certified by Cisco-Linksys technicians via Linksys ISO certification procedures; Chairman and CEO of Cisco China - Jim Sherriff; Cisco; Cisco 1811 IOS 12.4 with SDM is the standard for Cisco CCNA – Security Labs; Cisco 1811 is now standard on the Cisco CCIE Security Lab with IOS 12.4T; Cisco Flip Video Camera; Cisco NAC design flaws that the folks at Black Hat so alarmingly described; Cisco has produced a new CCIE count; Cisco has successfully made the market transition to selling refurbished Linksys directly to end users; Cisco is also offering its new home media ensemble; Cisco is celebrating its 25th anniversary this year; Cisco merged the Linksys channel partner program into Cisco's registered partner tier; Cisco only counts your CCIE number once; Cisco registered the shoplinksys.com domain name to sell refurbished Linksys; Cisco released its new worldwide CCIE count; Cisco sales plummeted $1.6 billion (Page 4) and operating income nose-dived $1 billion; Cisco shouldn’t until it works out the kinks; Cisco's executive biographies web page; Compromised the Cisco agent installed on the end system; Confirmation testimony before the U.S. Senate noteworthy; Customer-proven best practices of network access control (NAC); DSL/Cable with the Cisco 1811 makes sense; Data Center; Desai previously served as Chief Operating Officer of Radware (NASDAQ: RDWR); Didn’t RIM already support voice over WiFi?; Doesn’t RIM’s Ascendent acquisition give them this?; Dotted decimal addresses that end up falling under a non-octet boundary subnet mask; Dual CCIE #18532 Routing and Switching/Security - George Morton; Dual Cisco CCIE #18532 Security/R&S - George Morton; Dual-mode BlackBerry smartphones; During the first 9 months of Cisco's 2009 fiscal year under Warrior's leadership as CTO; Each eight bits being converted to decimal; Enables BlackBerry to be integrated into corporate PBXs and Unified Communications systems; Enterasys NAC is agent-less assessment based on a network scan; Enterasys security expert Dennis Boas; Enterasys uses multiple criteria beyond end system health assessment to assign and limit access granted to an end system; Enterprise concerns about the financial and management aspects of NAC; Enterprises that have standardized on the BlackBerry platform; FCC requires the old Bell System to report its T1 outage and that the repair needs to be under 4 hours for 95% of all T1 outages; Famous networking industry journalist; Feature allowing entry of a real address mask of your own to test if it is on the same or remote network; Flexible options with Enterasys NAC; HP and Liquid Computing; Half the smartphones in use in the US today are BlackBerry devices; How Cisco was working overtime AGAINST the Buy America provisions of the $7.2B broadband stimulus fund; How LiquidIQ Works; How useful do you find this subnet calculator?; I developed the Subnet Calculator to make learning more demonstrative and fun; I have worked for a handful of telecommunications companies of varying sizes; I voted for President Obama seeking change; In the subnet calculator the binary and the n; Interesting CCIE news from around the world; Internet access at the branch would run faster than traditional T1 services; Is Cisco getting ready to sell its refurbished gear directly to end users too?; Is George Morton on to something here?; It will kill the Cisco Flip video camera; Its been proven that a government official can be bribed with free dinners; Joel Bion - Senior Vice President of Cisco's Product Resiliency Research; LANs / WANs; Larry Strickling is confirmed as the new Administrator of the National Telecommunications and Information Administration (NTIA); Last month Cisco missed the multiple CCIE numbers; Leaving Warrior with absolutely no future as the CTO of Motorola; Linksys by Cisco Certified Refurbished Product; Linksys by Cisco Wireless Home Audio System; Liquid Computing's definition of unified computing (LiquidIQ) is a flexible; LiquidIQ Business Continuity - Disaster Recovery Made Simple; LiquidIQ Technical Specifications; LiquidIQ Total Software Control - LiquidView Management; LiquidIQ can consolidate functions including web; LiquidIQ is the only UCS system that's listed by VMware to support VSphere; LiquidIQ is the only standards-based unified computing solution that’s in production today with paying customers; LiquidIQ was designed with built-in security; Made by Strickling during his March 19; Manny Rivelo - Senior Vice President of Cisco's Development Organization; Market failures for business class DSL/Cable is unacceptable; May 2009 vs. June 2009 Worldwide CCIE Count Comparison; Mobile features integrated into the BlackBerry; Morton believes with DSL/Cable services having up to 18Mbps of download availability; Morton's design would route all requests over the DMVPN-mGRE; Motorola operating earnings dropped $3.8 billion to a loss of $534 million; Motorola sales had collapsed by more than $4 billion (Page 1); Multiple pipes with QoS for voice dedicated to one uplink and data services on the second link; My previous government service at the FCC provide me a unique background for the position of Assistant Secretary; NetQoS Subnet Calculator offers a view of every bit in the IP address to help network engineers understand how IP subnetting works; Network Management; Network World's Data Center Derby story acknowledged Liquid's first-mover advantage with its unified data center concept; Network performance management vendor NetQos; Network security vendor Enterasys; Nortel had purchased Alteon for $7.8 billion; Not too many senior executives are around from Cisco's early days; Omitted the years of Cisco service for both John Morgridge and Richard Justice because they are no longer full-time Cisco executives; Only 66% of all applicants who passed were for the CCIE Router and Switch track; Only one CCIE is a member of Cisco's 59 strong senior executive team; Pacific Rim CCIE numbers didn't change over the last 39 days; Pejman Roshan - Chief Marketing Officer of enterprise fixed mobile convergence (eFMC) vendor Agito Networks; Ponemon Institute reported; R & S + Security this year as the most popular dual CCIE track; R & S + Service Provider was 49% of the successful attempts for dual CCIE; RIM offers only data services over WiFi on their dual-mode smartphones; Radware recently purchased Nortel's application delivery business (Alteon) for the cut-rate price of $18 million; Refurbished product are mostly customer returns that meet original factory specifications; Refurbished product sold in the United States; Responsible for Cisco's IOS Software; SMB; Screenshot of the NetQoS Subnet Calculator; Security; Security mechanisms are used to validate the integrity and authenticity of the Enterasys agent for all server/agent communications; She was the CTO of Motorola and dismissed in her blog the introduction of the Apple iPhone; Showed that Stickling owned a large Cisco stock position; So we had 251 new CCIEs; Start by entering your address and mask in the calculator; Subject of Cisco's senior executive team came up; The Federal Reserve has moved from complex Cisco routers with T1 service to Cisco low end routers (ISR 1811) with DSL; The IOS 12.4 track with ISR routers is slowing down the Security CCIE track; The National Telecommunications and Information Administration (NTIA) granted Cisco its coveted Buy American Exception; The average tenure would be of the 61 executives listed on Cisco's Mount Rushmore; The change in the CCIE Security track has had a major impact on new security CCIEs; Until one takes some real addresses and experiments with how the mask affects the address bits; View Cisco's flash promotion for its home media ensemble; View more Cisco Tools; Vik Desai - President and Chief Executive Officer of unified computing infrastructure vendor - Liquid Computing; VoIP / Convergence; Warrior is now repeating her Motorola failure at Cisco; We're also now starting to see the CCIE Wireless track; We've experienced a new low for CCIE Security track; What exactly has Agito Networks announced this week?; What's your take on the implications of the new worldwide Cisco CCIE count?; Why is cellular-only PBX and UC integration incomplete?; Why the Enterasys NAC solution is doing so well; Why the Enterasys NAC solution is in such high demand; Wireless / Mobile; Within 9 months of the Apple iPhone introduction

On The Web: Twitter

Daily Newsletter Get the most important tech news every day: Terms of Service

Network World, Inc The Leader in Network Knowledge

Other IDG Sites

Copyright © 1994 - 2009 Network World, Inc. All rights reserved.

Terms of Service