
I'm trying to configure our network to separate it through a DMZ. Basically, allowing full access from each network to the servers, but blocking access between these networks so they can't communicate with each other.

The way I have it setup:

  • Servers - 192.168.10.x/24
  • Data - 192.168.30.x/24
  • Dev - 192.168.40.x/24

So traffic is blocked between Dev and Data, but full access is given to servers. DHCP is where I'm having the issue. I would like the servers' network to be able to assign Data/Dev their IP addresses.

Can you think of any way this is possible? I can enable DHCP on the ASA 5505, but it's messy and not as easy to see who's using what. We are about to change everything to MAC authentication on all wireless devices, so using the ASA 5505 as the DHCP server will not work long term.

Any help would be greatly appreciated!

Thanks for your time.

LbakerIT

1 Answer


It is possible, yes.

You basically want to set up an IP helper relay to forward DHCP packets to another subnet, even if they're broadcast packets.

Support multiple subnets with one DHCP server by configuring DHCP relay agents: http://technet.microsoft.com/en-us/library/cc771390.aspx

Ryan Ries
  • [Cisco ASA 8.2 Configuration Guide: Configuring DHCP Relay Services](http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/dhcp.html#wp1115812) – resmon6 Mar 16 '12 at 14:09
  • Thanks for the suggestions! I have enabled DHCP relay for the server network and pointed it to the DHCP server. I have also added each address scheme in: 192.168.50.50-192.168.50.200; 192.168.30.50-192.168.30.200. The issue I'm having now is that the DHCP server (Server 2008 R2) is not populating the list of leased addresses, and it's populating on the ASA. To set up DHCP server relay it requires you to disable DHCP on all interfaces. Do you guys know if there's a fix for that? – LbakerIT Mar 17 '12 at 19:42
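For reference, here is what the relay setup from the answer and the follow-up comment looks like on an ASA running 8.2. This is an added example, not configuration from the poster or the linked guide; the interface names (servers, data, dev) and the DHCP server address 192.168.10.5 are assumptions for the layout described in the question.

```cisco
! Added example: DHCP relay on an ASA 8.2 for the Servers/Data/Dev layout above.
! Assumed nameif values: servers, data, dev. Assumed Windows DHCP server: 192.168.10.5.
!
! The ASA will not run its own DHCP server and DHCP relay at the same time,
! which is why the built-in server has to be switched off on every interface first.
no dhcpd enable data
no dhcpd enable dev
!
! Forward client broadcasts from the Data and Dev interfaces to the server
! on the servers interface. The ASA fills in giaddr with the address of the
! interface the request arrived on, which is how the Windows server picks
! the right scope for each subnet.
dhcprelay server 192.168.10.5 servers
dhcprelay enable data
dhcprelay enable dev
!
! Seconds to wait for the server's reply before a relayed request is dropped (default 60).
dhcprelay timeout 60
```

On the Windows 2008 R2 side, the scopes must cover the Data and Dev subnets (192.168.30.0/24 and 192.168.40.0/24), because the server matches the relayed request's giaddr against its scope ranges; once leases come from the server instead of the ASA, they show up in the server's lease list rather than in `show dhcpd binding` on the firewall.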