Nextelco:ASA dhcp

= ASA DHCP =

Let's configure the ASA so that it automatically obtains an IP address on its outside interface and acts as the DHCP server for the nodes sitting behind the inside interface. We assume that the ASA has already been configured in the previous steps. This is the configuration we would like to set up.



We start with the external (outside) interface.

The first step is to shut down the ethernet 0/0 and vlan 2 interfaces.

 ASA1(config)#interface ethernet 0/0
 ASA1(config-if)#shutdown
 ASA1(config-if)#interface vlan 2
 ASA1(config-if)#shutdown

Then we set the vlan 2 interface to obtain its IP address through DHCP, together with the default route.

 ASA1(config-if)#ip address dhcp setroute

Additionally, we set the interface name and security level.

 ASA1(config-if)#nameif outside
 ASA1(config-if)#security-level 0

Let's turn the interfaces back on and set interface ethernet 0/0 to use vlan 2.

 ASA1(config-if)#no shutdown
 ASA1(config-if)#interface ethernet 0/0
 ASA1(config-if)#switchport access vlan 2
 ASA1(config-if)#no shutdown
 ASA1(config-if)#exit

Now let's continue with the internal interface. This interface has a static IP address, but it will offer IP addresses to all nodes asking for one. We already have the interface configured with its IP address, name and security level.

With these configuration steps we set the address pool, DNS servers, domain name and default gateway.

 ASA1(config)#dhcpd address 192.168.1.2-192.168.1.129 inside
 ASA1(config)#dhcpd dns 193.156.97.36 193.156.97.95
 ASA1(config)#dhcpd domain basicinternet.no
 ASA1(config)#dhcpd option 3 ip 192.168.1.1

In order to enable the DHCP server we have to specify the interface name.

 ASA1(config)#dhcpd enable inside

After we set up the interface, we need to set up the NAT configuration.

First we define an access-list in order to identify all the traffic going from the inside interface to any other network.

 ASA1(config)#access-list inside_nat_outside extended permit ip 192.168.1.0 255.255.255.0 any

Then we set NAT on the inside interface.

 ASA1(config)#nat (inside) 1 access-list inside_nat_outside

And finally, if it is not set already, we set PAT on the outside interface.

 ASA1(config)#global (outside) 1 interface

Now we are able to connect from the inside network (node Mac) to any external network.

Let's continue by setting up the ASA as a DHCP relay device for a DHCP server sitting on its outside interface. This is the network diagram we will use:



We assume that the DHCP server is configured and running, and that ASA1 is also configured but does not have any DHCP configuration. The same configuration has been used with NAT and without it. In both cases it works perfectly.

Set the DHCP relay configuration in ASA1.

 ASA1(config)# dhcprelay server 193.156.96.65 outside
 ASA1(config)# dhcprelay enable inside

It is really important to remember that the DHCP server needs to know the route to the inside network.

 route add -net 192.168.1.0/24 gw 193.156.96.64
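A consistency check for the DHCP server and NAT lines configured above, as an added example that is not part of the original page: it parses a saved configuration and flags a gateway inside the lease pool, a pool not covered by the NAT access-list, a nat id without a matching global, and dhcpd left on an interface that is also used for relay. The function name `audit` and the sample text are constructed for illustration; the relay check reflects this page's assumption that ASA1 has no other DHCP configuration when relaying.

```python
import ipaddress
import re

# Constructed sample: the dhcpd and NAT lines from this page as they would
# appear in a saved configuration (prompts removed).
SAMPLE = """\
dhcpd address 192.168.1.2-192.168.1.129 inside
dhcpd dns 193.156.97.36 193.156.97.95
dhcpd domain basicinternet.no
dhcpd option 3 ip 192.168.1.1
dhcpd enable inside
access-list inside_nat_outside extended permit ip 192.168.1.0 255.255.255.0 any
nat (inside) 1 access-list inside_nat_outside
global (outside) 1 interface
"""

def audit(config):
    """Return a list of findings (an empty list means every check passed)."""
    findings = []
    pool = re.search(r"^dhcpd address (\S+)-(\S+) (\S+)$", config, re.M)
    gw = re.search(r"^dhcpd option 3 ip (\S+)$", config, re.M)
    acls = {m[1]: ipaddress.ip_network(f"{m[2]}/{m[3]}") for m in re.finditer(
        r"^access-list (\S+) extended permit ip (\S+) (\S+) any$", config, re.M)}
    nat = re.search(r"^nat \((\S+)\) (\d+) access-list (\S+)$", config, re.M)
    relay = re.findall(r"^dhcprelay enable (\S+)$", config, re.M)
    if pool:
        lo, hi = (ipaddress.ip_address(pool[i]) for i in (1, 2))
        ifname = pool[3]
        if not re.search(rf"^dhcpd enable {re.escape(ifname)}$", config, re.M):
            findings.append(f"pool defined on {ifname} but dhcpd not enabled")
        if gw and lo <= ipaddress.ip_address(gw[1]) <= hi:
            findings.append("default gateway (option 3) is inside the lease pool")
        # Leased addresses must fall inside the network the NAT ACL matches.
        net = acls.get(nat[3]) if nat and nat[1] == ifname else None
        if net is None:
            findings.append(f"no NAT access-list found for {ifname}")
        elif lo not in net or hi not in net:
            findings.append(f"lease pool not fully covered by NAT ACL {net}")
        # Assumption taken from this page: relay is set up without dhcpd.
        if ifname in relay:
            findings.append(f"dhcpd and dhcprelay both configured on {ifname}")
    if nat and not re.search(rf"^global \(\S+\) {nat[2]} ", config, re.M):
        findings.append(f"nat id {nat[2]} has no matching global statement")
    return findings
```
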
