Cisco ASA: DHCP Relay Over VPN

KB ID 0001501


A few weeks ago this was asked on one of the forums I post in. For a long time the ASA didn’t support DHCP relay then finally in version 9 it was added. The question was, can I provide DHCP relay but have the DHCP server on another site (connected via VPN). 

Well I wasn’t sure, so I put it on the mental back burner, until I got my EVE-NG server rebuilt. Below I knocked up a simple two site setup, then connected them via IPSEC VPN. The DHCP client is Windows 7, and the DHCP Server is 2012 R2.

ASA DHCP Relay over VPN


To be honest it could not be simpler! Obviously the site to site VPN needs to be up or it wont work! The config is simply added to the ASA on the DHCP Client side, (or the left hand one in the example above).

SiteA# configure terminal
SiteA(config)# dhcprelay server outside
SiteA(config)# dhcprelay enable inside
SiteA(config)# dhcprelay timeout 60

Of course you need to have a DHCP scope configured on the server for the subnet at Site A.

DHCP Scope


Related Articles, References, Credits, or External Links


Author: PeteLong

Share This Post On


  1. For this to work, do you need management interface set to inside interface via command:
    management-access inside ?

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *