1

In my network, I have three remote locations that use different subnets than the main location. They are connected to the main location through Cisco ASAs.

They are as follows:

192.168.0.1 location 1
192.168.1.1 location 2
192.168.2.1 location 3
192.168.3.1 location 4

My main location, 1, hands out IP addresses in the 192.168.0.100/199 range with some static assignments. It does not handle IP assignment for the other 3 locations... At least I do not see any configuration in the DHCP management console.

It was explained to me before however that my DC did handle DHCP assignment for the other 3 locations.. I don't find this possible with no obvious configuration in the management console..

I believe that the ASAs are handling the DHCP for the 3 remote locations, and using the DC as the primary DNS for lookups...

I would like to change this and have the DC handle DHCP for the 3 remote locations - however I have never set up a multiple subnet DHCP server - does anyone have any good tutorials, or advice that they can offer in this situation?

Thanks.

Zoredache
Jeff

2 Answers

2

It's really pretty simple. You need to create a DHCP scope for each subnet with the appropriate IP address range, subnet mask, reservations, scope options, and make sure that the ASA is configured as a DHCP relay agent.

joeqwerty
  • That's pretty simple lol. One question I have: if I start creating the DHCP scopes now, set them up with my reservations etc., then say tomorrow morning I change the ASA settings, will this mess up anything between now and tomorrow morning? I don't think the machines would look at the DHCP server until the ASA is configured for the relay? – Jeff Jan 24 '11 at 18:55
  • Everything should be fine. The DHCP server won't hand out addresses for those scopes until it receives a DHCP request from one of those subnets. In addition, you can hold off on activating the new scopes until you have the ASA ready. – joeqwerty Jan 24 '11 at 19:04
  • I created the DHCP scopes for the subnet (192.168.3.x). I configured the remote ASA to stop acting as a DHCP server and added the global DHCP relay servers; it says specify up to four servers to which DHCP requests would be relayed. I entered my main DHCP server (192.168.1.254), enabled DHCP relay agent on the inside and enabled setroute on the inside. I remoted into one of the .3 machines, did an ipconfig /renew and it told me it could not communicate with the DHCP server, then I lost connection. Any ideas? – Jeff Jan 24 '11 at 20:15
  • I'm not a Cisco guy so I can't help you with the actual config but I'm fairly positive that the ASA on the remote end needs to have the ip helper-address configured on its internal (LAN) interface to point to your W2K8 DHCP server's IP address. I'm not clear on what you mean by "global dhcp relay servers". I'm also not clear on what "setroute" is or does. You shouldn't have to set up any special routing as the remote sites should already have a static route to the main office, no? – joeqwerty Jan 24 '11 at 21:32
  • Yes they do. I appreciate your help though - I did some research into the IP helper. I know the basics of Ciscos, like how to set up a simple site-to-site VPN and access rules etc. using the ASDM GUI. That's about it. I'm going to do some additional research and see if I come up with anything. Again, I appreciate your help. – Jeff Jan 24 '11 at 21:43
  • Glad to help. As I said, I think the ip helper-address only needs to be configured on the LAN interface of the remote site router. If it gets tricky you can always set up a packet sniffer on the main office router and watch for incoming DHCPDiscover packets. If you don't see them there then work your way back to the remote office router. You can do this with a laptop, a hub, and a packet sniffer installed on the laptop. Just "insert" the hub and laptop in between links to see all the traffic traversing those links. – joeqwerty Jan 24 '11 at 21:53
2

The ASA should be configured as a DHCP relay. On Cisco switches this can be done by issuing the ip helper-address command in interface context.

I've never dealt with the Windows® DHCP server, but I have such a configuration working with isc-dhcpd. It requires the descriptions of all subnets that are not directly connected to be grouped with a directly connected one via a "shared-network {}" statement. dhcpd then decides which address to allocate based on the inbound interface and the IP address of the relay.

gelraen
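
Both answers come down to the relay's address: a relay writes its own interface IP into the giaddr field of each forwarded request, and the server uses that field to pick a scope. The following is an added example, not code from the original posts, that parses a DHCP payload as a sniffer at the main office would capture it and reports which scope would serve it. The /24 masks, the constructed sample packets and all function names are assumptions.

```python
import ipaddress
import struct

# Scopes mirror the four locations in the question; the /24 masks are assumed.
SCOPES = {f"location {n + 1}": ipaddress.ip_network(f"192.168.{n}.0/24")
          for n in range(4)}
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def build_discover(giaddr, hops):
    """Constructed sample: a minimal DHCPDISCOVER payload (UDP data only)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, hops, 0x12345678, 0, 0x8000,       # op, htype, hlen, hops, xid, secs, flags
        bytes(4), bytes(4), bytes(4),                # ciaddr, yiaddr, siaddr
        ipaddress.ip_address(giaddr).packed,         # giaddr, stamped by the relay
        bytes.fromhex("020000000001"), b"", b"")     # chaddr, sname, file
    return header + MAGIC + bytes([53, 1, 1, 255])   # option 53 = DISCOVER, end


def parse(payload):
    """Return (message type, hops, giaddr) from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    hops, giaddr = payload[3], ipaddress.ip_address(payload[24:28])
    msg_type, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:
        if payload[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            msg_type = payload[i + 2]
        i += 2 + length
    return MSG_TYPES.get(msg_type, "UNKNOWN"), hops, giaddr


def diagnose(payload):
    """Say which scope a server would use for this request, and why."""
    msg, hops, giaddr = parse(payload)
    if int(giaddr) == 0:
        return f"{msg}: giaddr unset, not relayed; scope follows the receiving interface"
    for name, net in SCOPES.items():
        if giaddr in net:
            return f"{msg}: relayed via {giaddr} (hops={hops}), scope {name}"
    return f"{msg}: relayed via {giaddr} (hops={hops}), no scope covers it, no offer"


if __name__ == "__main__":
    for relay, hops in [("192.168.3.1", 1), ("0.0.0.0", 0), ("10.9.9.1", 1)]:
        print(diagnose(build_discover(relay, hops)))
```

A request from a remote site that reaches the server with giaddr still 0.0.0.0, or with a giaddr outside every defined scope, points at the relay configuration rather than at the scopes.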