Nextelco:ASA dhcp
ASA DHCP
Lets configure ASA in order to obtain automatically an IP address in its outside interface and be the dhcp server for those nodes sitting behind inside interface. We assume that ASA has already been configured in the last steps. This is the configuration we would like to setup.
So first we will start with the external or outside interface.
- The fist step is to shutdown the ethernet and vlan 2 interfaces
- Then, we set vlan 2 interface to obtain the IP address through DHCP, together with the default route.
- Additionally, we set interface name and security level
- Lets turn on the interfaces and set interface ethernet 0/0 to use vlan 2
ASA1(config)#interface ethernet 0/0 ASA1(config-if)#shutdown ASA1(config-if)#interface vlan 2 ASA1(config-if)#shutdown
ASA1(config-if)#ip address dhcp setroute
ASA1(config-if)#nameif outside ASA1(config-if)#security-level 0
ASA1(config-if)#no shutdown ASA1(config-if)#interface ethernet 0/0 ASA1(config-if)#switchport access vlan 2 ASA1(config-if)#no shutdown ASA1(config-if)#exit
Now, lets continue with the internal interface. This interface will have a static IP address, but it will offer IP addresses to all nodes asking for it. We already have the interface with its IP address, name and security level.
- With this configuration steps we will set the address pool, dns servers, domain name and the default gateway.
- In order to enable the DHCP server we have to specify the interface name.
ASA1(config)#dhcpd address 192.168.1.2-192.168.1.129 inside ASA1(config)#dhcpd dns 193.156.97.36 193.156.97.95 ASA1(config)#dhcpd domain basicinternet.no ASA1(config)#dhcpd option 3 ip 192.168.1.1
ASA1(config)#dhcpd enable inside
After we set up the interface, we need to set up the NAT configuration.
- First we wil define an access-list in order identify all the traffic going from inside interface to any other network.
- Then we set NAT in the inside interface
- And finally, if it is not yet, we set PAT in the outside interface
ASA1(config)#access-list inside_nat_outside extended permit ip 192.168.1.0 255.255.255.0 any
ASA1(config)#nat (inside) 1 access-list inside_nat_outside
ASA1(config)#global (outside) 1 interface
Now we are able to connect from inside network, node Mac, to any other external network.
Lets continue with setting ASA as a dhcp relay device for a dhcp server sitting in its outside interface. This is the network diagram we will use:
Return to Phase 1 page.