Fairly new with ASA's, and could use a little help. I have an ASA5515 configured as a DHCP server in a customer environment. Clients that obtain their IP's via DHCP lose network connectivity after a short period of time, however clients that are statically connected still have network connectivity.
Attached are output from the show version and show run commands.
Client is using Ruckus Wireless with an 1106 controller and 9 AP's, 2 unmanaged switches and Windows XP/7 clients. Not a very complicated network.
It seems to me that there are a lot of unneeded DHCP configurations on the unit, at least.
To my understanding the below 4 configurations are only needed if your WAN interface was acting as a DHCP Client. I mean a situation where your ASA would get its public IP address through DHCP from the ISP instead of the current setting which is static.
dhcp-client client-id interface WAN
dhcpd auto_config WAN
dhcpd auto_config WAN interface management
dhcpd auto_config WAN interface LAN
The below to my understanding is not needed since you have already set the interface specific DNS servers
dhcpd dns 188.8.131.52 184.108.40.206
The below to my understanding is not needed as you don't have any DynDNS configurations on the ASA.
dhcpd update dns both interface LAN
Seems to me that the below configuration configures the DNS server, correct? Though you already have a configuration for the LAN interface with the "dhcpd dns" configuration.
dhcpd option 6 ip 220.127.116.11 18.104.22.168 interface LAN
I don't know if these really have anything to do with your problem but I just thought that they were not needed.
It seems to me that the only configurations you would need for basic DHCP would be
dhcpd address 192.168.123.100-192.168.123.249 LAN
dhcpd dns 22.214.171.124 126.96.36.199 interface LAN
dhcpd enable LAN
Is the connectivity cut complete? I mean can you even ping internal gateway of the users? Are you able to ping anything with IP address directly?
I guess you could choose one DHCP IP address as a test and capture its traffic and see what you see in the traffic capture at the time before and after the problem. You can do that probably on the client directly or perhaps also on the ASA.
On the ASA the capture could be done with the following configuration
access-list CAPTURE permit ip host any
access-list CAPTURE permit ip any host
capture CAPTURE type raw-data access-list CAPTURE interface LAN buffer 33500000 circular-buffer
To view if anything is hitting the capture use the command
To show contents of the capture on the CLI use the command
show capture CAPTURE
To copy the capture to your computer so you can open it with Wireshark for example use the command
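The reply's reasoning about the dhcpd lines can be turned into a repeatable check over a saved "show run" output. The script below is an added example, not part of the original thread and not a Cisco tool; the sample configuration is constructed (documentation-range addresses), the function names are hypothetical, and the two rules encode only the points the reply makes (auto_config pointing at a statically addressed interface, and DNS for one interface set by both "dhcpd dns" and "dhcpd option 6").

```python
import re

# Constructed sample in "show run" style; addresses are documentation ranges.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif WAN
 ip address 203.0.113.2 255.255.255.248
interface GigabitEthernet0/1
 nameif LAN
 ip address 192.168.123.1 255.255.255.0
dhcpd auto_config WAN
dhcpd auto_config WAN interface LAN
dhcpd address 192.168.123.100-192.168.123.249 LAN
dhcpd dns 192.0.2.53 192.0.2.54 interface LAN
dhcpd option 6 ip 192.0.2.53 192.0.2.54 interface LAN
dhcpd enable LAN
"""

def interface_addressing(config):
    """Map each nameif to 'dynamic' (dhcp/pppoe) or 'static' from its ip address line."""
    modes, name = {}, None
    for line in config.splitlines():
        s = line.strip()
        if line.startswith("interface "):
            name = None  # new interface block; forget the previous nameif
        elif s.startswith("nameif "):
            name = s.split()[1]
        elif s.startswith("ip address ") and name:
            modes[name] = "dynamic" if s.split()[2] in ("dhcp", "pppoe") else "static"
    return modes

def audit_dhcpd(config):
    """Return (line, reason) findings for the dhcpd lines questioned in the reply."""
    modes, findings, dns_scopes = interface_addressing(config), [], {}
    for line in config.splitlines():
        s = line.strip()
        m = re.match(r"dhcpd auto_config (\S+)", s)
        if m and modes.get(m.group(1)) == "static":
            findings.append((s, f"{m.group(1)} is static, nothing to auto-configure from"))
        m = re.match(r"dhcpd (dns|option 6 ip) .* interface (\S+)$", s)
        if m:
            dns_scopes.setdefault(m.group(2), []).append(s)
    for iface, lines in dns_scopes.items():
        if len(lines) > 1:
            findings += [(ln, f"DNS for {iface} is set by more than one line") for ln in lines]
    return findings

if __name__ == "__main__":
    print("\n".join(f"{ln}  <- {why}" for ln, why in audit_dhcpd(SAMPLE_CONFIG)))
```

A finding is a prompt to review the line, not proof that it causes the connectivity loss described in the question.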