How to configure access lists in the Cisco ASA with multiple contexts to allow DHCP

Cisco How-To Tutorials
DHCP relay is not supported in the Cisco ASA. Due to this reason, you need to allow DHCP requests and replies through the Cisco security appliance in transparent mode. This can be achieved by configuring access lists in the firewall. Configure these two access lists in the Cisco ASA:

1. access-list extended udp any eq 67 This access list allows DCHP requests from the inside interface to the outside. Apply this access list on the inside interface of the firewall.
2. access-list extended permit udp any eq 67 This access list allows the replies from the server in the other direction. Apply this access list on the outside interface of the firewall.

If unable to specify a particular destination host due to the client broadcasting a DHCPDISCOVER request on port 68, you can use any any as a source and destination.


View more Cisco How-To Tutorials

Contact Brad Reese
http://www.BradReese.Com

  
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.