ASA no internet connection and no dhcp on added vlan

Answered Question

Hi all - I was hoping to get a few experienced eyes on my config. I am having problems connecting to the internet from the internal vlans. Any ideas?

Also, I am trying to set up dhcp on both vlan2 (private) and vlan3 (guest); however, only vlan2 (private) serves addresses. Any idea what I'm missing to get vlan3 (guest) to work?

Any other tips or suggestions are greatly appreciated. Thanks.

JORGE RODRIGUEZ Sun, 06/29/2008 - 18:42

Since you have dhcp on your outside interface, change vlan1 with setroute in order for the firewall to be aware of a default route from the ISP upstream router.

i.e.

asa(config)#interface Vlan1
asa(config-if)#ip address dhcp setroute
asa#write mem <-- save config

then try Internet access after the above changes

On the dhcpd for the guest interface, the config seems fine. What do you see in the logs? Do you have the system PC connected to the correct port under the right vlan3? Is the PC directly connected to the port on the asa5505 switch ports?

[edit]

Also, by which method are you providing your inside clients dns information? Are you configuring static DNS on the PCs? If you want to also provide DNS through the ASA, you would need dns information from your ISP provider and configure the ASA to provide this info for your inside and guest clients. You need dns for internet access to work, in addition to the above setroute on vlan1.

i.e.

dhcpd dns

Rgds

-Jorge

Jorge,

asa(config-if)#ip address dhcp setroute worked great and I am now able to get to the internet.

As for the dhcp on vlan3 (guest), still no luck. I double checked that I am using the correct ports. I have tried disabling dhcp on vlan2 (private) but it didn't make a difference. I also tried giving the pc a static ip to verify it could reach the internet and that was successful. With a 192.168.2.50 address, I was able to hit several web pages.

As for the log files - I'm new at this but the only thing I could get from the logs that seemed to be during the dhcp attempt was the following:

%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-6-302010: 7 in use, 80 most used
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67

Any ideas?

On your final thought about dhcpd dns, would using the following command get me the external dns server address?

dhcpd auto_config outside

Thanks for the help,

Adam

Correct Answer
JORGE RODRIGUEZ Mon, 06/30/2008 - 06:08

Interesting... I tested the configuration in my lab and it worked perfectly. This was done on the same model as yours with a Sec Plus license, however running 8.0(3) code. I plugged in a system in port 5 and it received dhcp fine, so I am not sure whether there could be an issue with dhcpd in your current code. I looked at the bug database on your code 7.2.3 but did not find any relevant info on dhcpd problems for this particular scenario. I'm not sure what could be the problem or if this is a new issue on 7.2.3; this should be a straightforward dhcpd enable config for the vlan3 interface... any thoughts anyone?

As for dhcpd auto_config outside, that is correct; this statement auto-configures dns and other info from upstream.

http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/df.html#wp1651461

On the test, this is the script I have used for the successful dhcp assignment on vlan5.

interface Vlan5
 nameif testvlan
 security-level 50
 ip address 200.10.10.1 255.255.255.0
dhcpd address 200.10.10.2-200.10.10.253 testvlan
dhcpd enable testvlan
interface Ethernet0/5
 Description LABTOP
 switchport access vlan 5
 speed 100
 duplex full

maybe try

no dhcpd enable guest

then re-enable it

dhcpd enable guest

Rgds

-Jorge
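An added example, not part of the thread: message 710005 is logged when the ASA receives a to-the-box UDP request that no local service is handling, so DHCP broadcasts (UDP 68 to 67) discarded on an interface that has `dhcpd enable` in the config point at exactly the mismatch discussed above. The function names and the config fragment are assumptions made for illustration; the log lines are the ones posted, plus one constructed non-DHCP line.

```python
import re
from collections import Counter

# 710005 format as seen in the post:
#   "<proto> request discarded from src/sport to ifname:dst/dport"
DISCARD_RE = re.compile(
    r"%ASA-\d-710005: (?P<proto>\S+) request discarded from "
    r"[\d.]+/(?P<sport>\d+) to (?P<ifname>[^:\s]+):[\d.]+/(?P<dport>\d+)"
)
# Anchored at line start so "no dhcpd enable guest" does not count as enabled.
ENABLE_RE = re.compile(r"^\s*dhcpd enable (\S+)\s*$", re.MULTILINE)


def discarded_dhcp_by_interface(log_text):
    """Count client DHCP broadcasts (UDP 68 -> 67) the ASA discarded, per interface."""
    counts = Counter()
    for m in DISCARD_RE.finditer(log_text):
        if (m["proto"], m["sport"], m["dport"]) == ("UDP", "68", "67"):
            counts[m["ifname"]] += 1
    return counts


def dhcpd_mismatches(log_text, running_config):
    """Interfaces with 'dhcpd enable' configured whose DHCP requests are still discarded."""
    enabled = set(ENABLE_RE.findall(running_config))
    discards = discarded_dhcp_by_interface(log_text)
    return {ifname: n for ifname, n in discards.items() if ifname in enabled}


# Log lines as posted in the thread, plus one constructed non-DHCP discard (last line).
DHCP_LINE = "%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67"
SAMPLE_LOG = "\n".join(
    [DHCP_LINE] * 4
    + ["%ASA-6-302010: 7 in use, 80 most used"]
    + [DHCP_LINE] * 2
    + ["%ASA-7-710005: UDP request discarded from 192.168.2.50/137 to guest:192.168.2.255/137"]
)
# Constructed running-config fragment; pool ranges are placeholders, not the poster's config.
SAMPLE_CONFIG = """\
dhcpd address 192.168.1.2-192.168.1.33 private
dhcpd enable private
dhcpd address 192.168.2.2-192.168.2.33 guest
dhcpd enable guest
"""

if __name__ == "__main__":
    for ifname, n in dhcpd_mismatches(SAMPLE_LOG, SAMPLE_CONFIG).items():
        print(f"{ifname}: dhcpd enabled in config, but {n} DHCP requests discarded")
```

An interface reported here is one where the configuration and the running DHCP service disagree, which is the state the `no dhcpd enable guest` / `dhcpd enable guest` toggle is meant to clear.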
