Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

dhcp on 8.4(4)

We had upgraded 3 of our firewalls in the last week. Those were ASA 5510s
and were running on 8.2(2)16 before. They were upgraded to 8.4(4) last week. We have
Wireless Access Points in the external segment (outside firewall) and after the firewall
was upgraded, we saw that 3 of our wireless APs could not get IPs (the DHCP server resides
in internal LAN segment), while the other three APs got IPs. Rebooting the firewall also
did not help. We then downgraded the firewall to 8.2(2)16 and all 6 APs immediately got
IPs. Is there a bug related to DHCP relay on 8.4(4)? 

Thanks,
Kashish
Everyone's tags (4)
2 REPLIES
Red

dhcp on 8.4(4)

Hi Kashish,

I tried to look for, but there are no current bugs related to dhcp relay on ASA, I suggest you take captures and dhcp debugs to identify the cause for denial, only then any possiblity of a bug can be ruled out. Right now we dont even know whether it is the ASA or anyother device causing the issue, you need to first isolate that.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
Community Member

Re: dhcp on 8.4(4)

I upgraded three ASAs (1 5505 and two 5510) to 8.4(4)3 and on all three ASAs which were providing DHCP services to connected networks stopped working.  Users could not get DHCP addresses from the ASAs running 8.4.4.3.

I did packet captures from the desktop, basically I see the DHCP requests leaving the desktop, but no replies from the ASA.

I downgraded the ASA to 8.4(4)1 and DHCP immediately starting working again. 

I then upgraded back to 8.4.4.3.  DHCP failed again.  Downgraded the ASA to 8.4.4.1, then DHCP started working again. 

Looks like a bug with ASA 8.4.4.3 and DHCP.

532
Views
0
Helpful
2
Replies
CreatePlease to create content