I have an ASA 5505 configured with 2 WAN interfaces and 2 VLANs. Up until now we have only used VLAN 1, with no trouble at all. We have recently purchased a new company and have had to install their server in our offices, so the installation now has 2 servers, both Small Business Servers, one sbs2003 and one sbs2003. Initially, when we bring up the second sbs2003 server on VLAN 2, all seems OK and everything is routing and working fine; then for some reason the next morning nothing will work. The problem is that the SBS2008 server finds that there is the other sbs2003 machine and stops its DHCP server, causing the network to fail. I therefore need to make sure there is no crosstalk between the 2 VLANs. Is this possible? If so, any assistance would be greatly appreciated!
Based on the configuration, VLAN 1 (BRIGHTSTAR) and VLAN 2 (EasyTax) will not be able to communicate with each other because you have configured an access-list to prevent communication between the 2 subnets (192.168.50.0/24 and 192.168.0.0/24).
At this stage, I don't believe the ASA is causing the issue nor allowing communication between the 2 subnets.
I could not find any configuration issue myself on the ASA 5505; however, I am not that experienced with it. The strange thing is, if I plug the second switch into the ASA, the second SBS box does not see the sbs2008 box and all seems fine through till close of business; then the next morning it is the sbs2008 box that sees the 2003 box, not the other way round. The only physical link between them is the ASA box, hence my feeling that it is allowing some traffic between them, or at least it is publishing the fact there is a DHCP server on VLAN 1. I am completely stumped by this one.
Is there any way that, because we are using the 2 WAN ports as failover, maybe the DHCP traffic is moving between them and coming back in?
A long shot I know but just trying to come up with some ideas on this!
How do you identify that the sbs2008 box sees the 2003 box?
You might want to run a packet capture on both boxes to see what has happened overnight that might trigger the sbs2008 box to see the 2003 box.
As a DHCP request is a broadcast and they are in 2 different VLANs, I don't see how it will see that, and as I said earlier, the ASA rules would have prevented access between the 2 subnets, as you already have "deny" statements and broadcast traffic is contained within its own broadcast domain.
How many NICs do the sbs2008 and 2003 boxes have? A single NIC, dual, or multiple NICs?
The reason I can tell is that once the DHCP server fails on the SBS2008 box, I check the logs and it reads that another DHCP server exists on 192.168.0.1. If I then try and run the Internet connection wizard on the SBS2008 box, it also tells me that there is another DHCP server present on 192.168.0.1, and then all I can do is unplug the second VLAN, restart the firewall, switches and server, and then everything comes back to normal.
Something is publishing the dhcp server, and also to note it only seems to go one way in that the sbs2003 box never seems to get affected and can never see the sbs2008 box.
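One way to read the overnight capture suggested in the thread, as an added example that is not from any poster: it parses DHCP server replies and lists every server identifier (option 54) other than the one expected on that VLAN. It assumes the UDP port 67/68 payloads have already been extracted from the capture; the helper names and the address 192.168.50.2 are constructed, while 192.168.0.1 is the address the SBS2008 log named.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                 # DHCP magic cookie (RFC 2131)
SERVER_REPLIES = {2: "OFFER", 5: "ACK", 6: "NAK"}   # option 53 values sent by servers


def parse_dhcp(payload: bytes) -> dict:
    """Return op, message type (option 53) and server id (option 54)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    info = {"op": payload[0], "msg_type": None, "server_id": None}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                   # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                                   # truncated option value
        if code == 53 and length == 1:
            info["msg_type"] = value[0]
        elif code == 54 and length == 4:
            info["server_id"] = socket.inet_ntoa(value)
        i += 2 + length
    return info


def unexpected_servers(payloads, expected):
    """Server identifiers seen in BOOTREPLY messages that are not in `expected`."""
    found = set()
    for p in payloads:
        try:
            d = parse_dhcp(p)
        except ValueError:
            continue                                # skip non-DHCP payloads
        if d["op"] == 2 and d["msg_type"] in SERVER_REPLIES and d["server_id"]:
            if d["server_id"] not in expected:
                found.add(d["server_id"])
    return sorted(found)


def build_reply(msg_type, server_ip):
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 54."""
    fixed = struct.pack("!BBBB", 2, 1, 6, 0) + bytes(232)   # 236-byte fixed header
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return fixed + MAGIC + opts


# Constructed capture: expected server, the address from the log, and noise.
SAMPLE = [build_reply(2, "192.168.50.2"), build_reply(5, "192.168.0.1"), b"junk"]
```

Running `unexpected_servers` over payloads captured on the SBS2008 side shows whether replies from the other subnet's server actually reach that broadcast domain, which is the question the ACL review alone cannot answer.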