We had upgraded 3 of our firewalls in the last week. Those were ASA 5510s
and were running on 8.2(2)16 before. They were upgraded to 8.4(4) last week. We have
Wireless Access Points in the external segment (outside firewall) and after the firewall
was upgraded, we saw that 3 of our wireless APs could not get IPs (the DHCP server resides
in internal LAN segment), while the other three APs got IPs. Rebooting the firewall also
did not help. We then downgraded the firewall to 8.2(2)16 and all 6 APs immediately got
IPs. Is there a bug related to DHCP relay on 8.4(4)?
I tried to look for, but there are no current bugs related to dhcp relay on ASA, I suggest you take captures and dhcp debugs to identify the cause for denial, only then any possiblity of a bug can be ruled out. Right now we dont even know whether it is the ASA or anyother device causing the issue, you need to first isolate that.
I upgraded three ASAs (1 5505 and two 5510) to 8.4(4)3 and on all three ASAs which were providing DHCP services to connected networks stopped working. Users could not get DHCP addresses from the ASAs running 184.108.40.206.
I did packet captures from the desktop, basically I see the DHCP requests leaving the desktop, but no replies from the ASA.
I downgraded the ASA to 8.4(4)1 and DHCP immediately starting working again.
I then upgraded back to 220.127.116.11. DHCP failed again. Downgraded the ASA to 18.104.22.168, then DHCP started working again.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...