Nextelco:ASA dhcp

From its-wiki.no

ASA DHCP

Let's configure the ASA to obtain an IP address automatically on its outside interface and to act as the DHCP server for the nodes sitting behind its inside interface. We assume that the ASA has already been configured in the previous steps. This is the configuration we would like to set up.


DHCP


So first we will start with the external or outside interface.

  1. The first step is to shut down the ethernet 0/0 and vlan 2 interfaces.
    ASA1(config)#interface ethernet 0/0
    ASA1(config-if)#shutdown
    ASA1(config-if)#interface vlan 2
    ASA1(config-if)#shutdown

  2. Then we set the vlan 2 interface to obtain its IP address through DHCP, together with the default route.
    ASA1(config-if)#ip address dhcp setroute

  3. Additionally, we set the interface name and security level.
    ASA1(config-if)#nameif outside
    ASA1(config-if)#security-level 0

  4. Let's turn the interfaces back on and set interface ethernet 0/0 to use vlan 2.
    ASA1(config-if)#no shutdown
    ASA1(config-if)#interface ethernet 0/0
    ASA1(config-if)#switchport access vlan 2
    ASA1(config-if)#no shutdown
    ASA1(config-if)#exit
    


Now let's continue with the internal interface. This interface will have a static IP address, but it will offer IP addresses to all nodes asking for one. We already have the interface configured with its IP address, name and security level.

  1. With these configuration steps we set the address pool, DNS servers, domain name and default gateway.
    ASA1(config)#dhcpd address 192.168.1.2-192.168.1.129 inside
    ASA1(config)#dhcpd dns 193.156.97.36 193.156.97.95
    ASA1(config)#dhcpd domain basicinternet.no
    ASA1(config)#dhcpd option 3 ip 192.168.1.1

  2. In order to enable the DHCP server we have to specify the interface name.
    ASA1(config)#dhcpd enable inside
    


After we set up the interface, we need to set up the NAT configuration.

  1. First we will define an access-list in order to identify all the traffic going from the inside interface to any other network.
    ASA1(config)#access-list inside_nat_outside extended permit ip 192.168.1.0 255.255.255.0 any

  2. Then we set NAT on the inside interface.
    ASA1(config)#nat (inside) 1 access-list inside_nat_outside

  3. And finally, if it is not set yet, we set PAT on the outside interface.
    ASA1(config)#global (outside) 1 interface
    


Now we are able to connect from the inside network (node Mac) to any external network.
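An added example, not part of the original page: a Python check that the dhcpd pool, the option 3 gateway and the NAT/PAT rules above agree with each other. The sample configuration is constructed from the commands on this page; `audit`, `SAMPLE_CONFIG` and the finding messages are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: the dhcpd and NAT lines from this page, as they would
# appear in the running configuration (no "ASA1(config)#" prompt).
SAMPLE_CONFIG = """\
dhcpd address 192.168.1.2-192.168.1.129 inside
dhcpd dns 193.156.97.36 193.156.97.95
dhcpd domain basicinternet.no
dhcpd option 3 ip 192.168.1.1
dhcpd enable inside
access-list inside_nat_outside extended permit ip 192.168.1.0 255.255.255.0 any
nat (inside) 1 access-list inside_nat_outside
global (outside) 1 interface
"""

def audit(config):
    """Hypothetical helper: return findings; an empty list means the lines agree."""
    def grab(pattern):
        m = re.search(pattern, config, re.M)
        return m.groups() if m else None
    findings = []
    pool = grab(r"^dhcpd address (\S+)-(\S+) (\S+)$")
    gw = grab(r"^dhcpd option 3 ip (\S+)$")
    acl = grab(r"^access-list (\S+) extended permit ip (\S+) (\S+) any$")
    nat = grab(r"^nat \((\S+)\) (\d+) access-list (\S+)$")
    if not (pool and gw and acl and nat):
        return ["missing dhcpd/access-list/nat line"]

    lo, hi = (ipaddress.ip_address(a) for a in pool[:2])
    iface = pool[2]
    gateway = ipaddress.ip_address(gw[0])
    net = ipaddress.ip_network(f"{acl[1]}/{acl[2]}")
    if lo > hi or lo not in net or hi not in net:
        findings.append("pool is not a valid range inside the NAT ACL network")
    if gateway not in net:
        findings.append("option 3 gateway is outside the NAT ACL network")
    if lo <= gateway <= hi:
        findings.append("option 3 gateway can be leased to a client")
    if not re.search(rf"^dhcpd enable {re.escape(iface)}$", config, re.M):
        findings.append(f"dhcpd is not enabled on {iface}")
    if nat[0] != iface or nat[2] != acl[0]:
        findings.append("nat rule does not match the pool interface/ACL")
    if not re.search(rf"^global \(\S+\) {nat[1]} interface$", config, re.M):
        findings.append(f"no global (PAT) rule for NAT id {nat[1]}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "consistent")
```
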




Let's continue by setting up the ASA as a DHCP relay for a DHCP server sitting on its outside interface. This is the network diagram we will use:


[Image: Nextelco ASA DHCP relay.png]


We assume that the DHCP server is configured and running, and that ASA1 is configured as well but does not yet have any DHCP configuration. The same configuration has been used with NAT and without it; in both cases it works perfectly.

  1. Set DHCP relay configuration in ASA1.
    ASA1(config)# dhcprelay server 193.156.96.65 outside
    ASA1(config)# dhcprelay enable inside

  2. It is really important to remember that the DHCP server needs to know which is the route to the inside network.
    #route add -net 192.168.1.0/24 gw 193.156.96.64
    


