Dhcp Issue Relay through ASA Firewall

Posted on 2012-09-21
Last Modified: 2012-09-30
I have 3 networks with an ASA firewall between them and my main network.  One of these is just for routing and contains an interface on the firewall, the other 2 are client networks which route through that network.  My dhcp server is on the main network on the other side of the firewall from the 2 client networks.  I am using IP helper-Address commands on cisco layer 3 switches pointing to my DHCP server and then rules allowing port 67 and 68 through the firewall to the server.  I see hits on the rules but do not get an address.  The scope worked before I added the firewall.
Question by:Jared_Brown
    LVL 36

    Expert Comment

    is the ASA running NAT, or in transparent mode ?
    LVL 60

    Expert Comment

    Wonder if you have dhcp relay for asa...instead of ip helper address to simplify
    LVL 21

    Expert Comment

    Can you post a network diagram with the various IP subnets and the firewall configs?

    Accepted Solution

    Good morning everyone.  The ASA is running in routed mode,  The ASA is not the gateway for the client subnets it terminates a routing subnet to into which the client subnets converge.

    The issue seems to have been some kind of address caching, It was not working when I went home on Friday, but It was when I came back in on Monday and has continued to work since.

    Author Closing Comment

    As it turns out the origional configuration was correct but old information must have been held somewhere in the network, or something like that which resolved itself with time.  The problem resolved itself after a few hours had passed.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    There is a question posted at ( and i…
    It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now