ASA 5505 IP Helper over VPN
websponge
Member Posts: 119
Hello,
Im posting this here as its probably more basic than I think!
I have been out of the firewall game for quite sometime and have a question about IP Helper on an ASA.
I have a 5505 set up in a home office for someone, I built it and set it all up without any major issues, I have set up site to site VPN to the main offices. I have used DHCP on the inside network (ports 1 -8 using 192.168.10.x) and outside interface connecting to his ISP as you would.
now, the main office is on 172.16.0.0 /15 so I have a VPN created for this, there is a server in this range (SIP DHCP) that he wants to connected to, as in plug a phone into one of the ports on the ASA.
Am I right in assuming, I allocate a switchport to the voice vlan (120) and just put ip-helper address of the SIP DHCP on the interface? apologies for the basic question, just want to make sure..
Thanks
Im posting this here as its probably more basic than I think!
I have been out of the firewall game for quite sometime and have a question about IP Helper on an ASA.
I have a 5505 set up in a home office for someone, I built it and set it all up without any major issues, I have set up site to site VPN to the main offices. I have used DHCP on the inside network (ports 1 -8 using 192.168.10.x) and outside interface connecting to his ISP as you would.
now, the main office is on 172.16.0.0 /15 so I have a VPN created for this, there is a server in this range (SIP DHCP) that he wants to connected to, as in plug a phone into one of the ports on the ASA.
Am I right in assuming, I allocate a switchport to the voice vlan (120) and just put ip-helper address of the SIP DHCP on the interface? apologies for the basic question, just want to make sure..
Thanks
CCDP Next
Comments
-
Edificer Member Posts: 187 ■■■□□□□□□□I've configured at least 20 Remote Field sites with 5505s, and I've never used DHCP Relay in the ASA SVI Interface or physical interfaces. My name servers are part of my ASA DHCP parameters:
dhcpd dns <ip address name-server1> <ip address name-server2>
For my Call Manager addresses I enable option 150 with my Call Manager ip addresses, as part of the DHCP configuration parameters:
dhcpd option 150 ip <ip address call manager 1> <ip address call manager 2>
Anything (routers/switches) configured behind the Remote Field sites firewall I do use DHCP Relay in SVI.
Hope this helps.“Our greatest glory is not in never falling, but in rising every time we fall.” Confucius -
websponge Member Posts: 119I've configured at least 20 Remote Field sites with 5505s, and I've never used DHCP Relay in the ASA SVI Interface or physical interfaces. My name servers are part of my ASA DHCP parameters:
dhcpd dns <ip address name-server1> <ip address name-server2>
For my Call Manager addresses I enable option 150 with my Call Manager ip addresses, as part of the DHCP configuration parameters:
dhcpd option 150 ip <ip address call manager 1> <ip address call manager 2>
Anything (routers/switches) configured behind the Remote Field sites firewall I do use DHCP Relay in SVI.
Hope this helps.
Ah ok, this makes sense. so the phone plugs in and would then request an IP from the head office range, build the tunnel and off we go..?CCDP Next -
Edificer Member Posts: 187 ■■■□□□□□□□That is correct. I assume you are creating the scopes in your DHCP server in your head office. If you create it in your ASA the phone would get an IP from the ASA register it with your CUCM in head office. The commands I mentioned are part of the DHCP parameters in your ASA that you would not have any use for if the scopes are in main.
You still don't need to put a DHCP Relay in 5505 vlan interface.“Our greatest glory is not in never falling, but in rising every time we fall.” Confucius -
Edificer Member Posts: 187 ■■■□□□□□□□Give this a look: ASA5505 with Security Plus routing - Cisco | DSLReports Forums“Our greatest glory is not in never falling, but in rising every time we fall.” Confucius