How to configure access lists in the Cisco ASA with multiple contexts to allow DHCP

Cisco How-To Tutorials
DHCP relay is not supported in the Cisco ASA. Due to this reason, you need to allow DHCP requests and replies through the Cisco security appliance in transparent mode. This can be achieved by configuring access lists in the firewall. Configure these two access lists in the Cisco ASA:

1. access-list extended udp any eq 67 This access list allows DCHP requests from the inside interface to the outside. Apply this access list on the inside interface of the firewall.
2. access-list extended permit udp any eq 67 This access list allows the replies from the server in the other direction. Apply this access list on the outside interface of the firewall.

If unable to specify a particular destination host due to the client broadcasting a DHCPDISCOVER request on port 68, you can use any any as a source and destination.

View more Cisco How-To Tutorials

Contact Brad Reese
http://www.BradReese.Com

Brad's Top 5 Story Picks
# 1.
 Cisco skills shortage is baloney, expert says
# 2.
 Q & A with the ex-Cisco star who joined ethernet fabric switching startup, Woven Systems
# 3.
 Earth Day message from BradReese.Com
# 4.
 Vyatta: Cisco's product line remains locked up tighter than Fort Knox
# 5.
 Help on the way for SMB telephony reseller margins being squeezed to death by Cisco
Story Archives
 Brad Reese on Cisco Story Archives
Cisco Jobs Cisco Repair Cisco Resumes Cisco Power Supplies
  
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Brad Reese is research manager at BradReese.Com, advancing the careers of 600,000-plus certified individuals in the growing Cisco Career Certification Program.

Copyright © 2008 IDG Communications, Inc.