06-29-2008 06:02 PM - edited 03-11-2019 06:06 AM
Hi all - I was hoping to get a few experienced eyes on my config. I am having problems connecting to the internet from the internal vlans. Any ideas?
Also, I am trying to set up dhcp on both vlan2 (private) and vlan3 (guest); however, only vlan2 (private) serves addresses. Any idea what I'm missing to get vlan3 (guest) to work?
Any other tips or suggestions are greatly appreciated. Thanks.
06-29-2008 06:42 PM
Since you have dhcp on your outside interface, change vlan1 with setroute in order for the firewall to be aware of a default route from the ISP upstream router.
i.e.
asa(config)#interface Vlan1
asa(config-if)#ip address dhcp setroute
asa#write mem <-- save config
Then try internet access after the above changes.
On the dhcpd for the guest interface, the config seems fine. What do you see in the logs? Do you have the PC connected to the correct port under the right vlan3? Is the PC directly connected to one of the switch ports on the asa5505?
[edit]
Also, by which method are you providing your inside clients DNS information? Are you configuring static DNS on the PCs? If you want to also provide DNS through the ASA, you would need DNS information from your ISP and configure the ASA to provide this info for your inside and guest clients. You need DNS for internet access to work, in addition to the above setroute on vlan1.
i.e.
dhcpd dns
Rgds
-Jorge
06-29-2008 09:12 PM
Jorge,
asa(config-if)#ip address dhcp setroute worked great and I am now able to get to the internet.
As for the dhcp on vlan3 (guest), still no luck. I double checked that I am using the correct ports. I have tried disabling dhcp on vlan2 (private) but it didn't make a difference. I also tried giving the pc a static ip to verify it could reach the internet and that was successful. With a 192.168.2.50 address, I was able to hit several web pages.
As for the log files - I'm new at this but the only thing I could get from the logs that seemed to be during the dhcp attempt was the following:
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-6-302010: 7 in use, 80 most used
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
Any ideas?
On your final thought about dhcpd dns
dhcpd auto_config outside
Thanks for the help,
Adam
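An added example (not part of the original thread): a Python sketch that scans ASA syslog output like the lines Adam posted and reports interfaces where DHCP client broadcasts (0.0.0.0/68 to 255.255.255.255/67) are logged under message 710005, which the ASA emits when no UDP service on that interface accepts the request. The sample log, the function names and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the log lines quoted in the post above.
SAMPLE_LOG = """\
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-6-302010: 7 in use, 80 most used
%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to guest:255.255.255.255/67
%ASA-7-710005: UDP request discarded from 192.168.2.50/137 to guest:192.168.2.255/137
"""

# 710005 line layout: source ip/port, then ingress interface name and dest ip/port.
DISCARD = re.compile(
    r"%ASA-7-710005: UDP request discarded from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<ifc>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def is_dhcp_client_broadcast(m):
    """True for a client with no lease yet: 0.0.0.0:68 -> 255.255.255.255:67."""
    return (m["src"] == "0.0.0.0" and m["sport"] == "68"
            and m["dst"] == "255.255.255.255" and m["dport"] == "67")


def dropped_dhcp_by_interface(log_text):
    """Count discarded DHCP client broadcasts per ingress interface."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DISCARD.search(line)  # search() tolerates a timestamp/host prefix
        if m and is_dhcp_client_broadcast(m):
            counts[m["ifc"]] += 1
    return dict(counts)


def interfaces_not_serving_dhcp(log_text, threshold=3):
    """Interfaces with at least `threshold` discarded DHCP broadcasts (assumed cutoff)."""
    drops = dropped_dhcp_by_interface(log_text)
    return sorted(ifc for ifc, n in drops.items() if n >= threshold)


if __name__ == "__main__":
    for ifc in interfaces_not_serving_dhcp(SAMPLE_LOG):
        print(f"{ifc}: DHCP broadcasts discarded; check 'dhcpd enable {ifc}'")
```
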
06-30-2008 06:08 AM
Interesting... I tested the configuration in my lab and it worked perfectly. This was done on the same model as yours with a Sec Plus license, however running 8.0(3) code. I plugged a system into port 5 and it received dhcp fine, so I am not sure whether there could be an issue with dhcpd in your current code. I looked at the bug database for your code 7.2.3 but did not find any relevant info on dhcpd problems for this particular scenario. I'm not sure what could be the problem or if this is a new issue on 7.2.3; this should be a straightforward dhcpd enable config for the vlan3 interface... any thoughts anyone?
As for dhcpd auto_config outside, that is correct; this statement auto-configures DNS and other info from upstream.
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/df.html#wp1651461
On the test, this is the script I used for the successful dhcp assignment on vlan5.
interface Vlan5
 nameif testvlan
 security-level 50
 ip address 200.10.10.1 255.255.255.0
dhcpd address 200.10.10.2-200.10.10.253 testvlan
dhcpd enable testvlan
interface Ethernet0/5
 Description LABTOP
 switchport access vlan 5
 speed 100
 duplex full
maybe try
no dhcpd enable guest
then re-enable it
dhcpd enable guest
Rgds
-Jorge
06-30-2008 06:26 AM
That did it! I had to do this a couple times but it seems to have fixed the problem.
Thanks!
Adam
06-30-2008 06:59 AM
Adam, glad it worked.. thanks
Rgds
-Jorge