I am rolling out some Cisco 5506 FTD devices, to our remote offices. In the head office, we have an ASA5508-X, controlled by a vFMC, but for the remote sites I am just using the HTTPS based configuration, directly on the device. All that the branch office devices need to do is connect to an ISP, bring up a VPN to the head office, and send all IP traffic down it. I also need to get an IP address to the devices inside of the branch office networks somehow. All devices are running FTD 220.127.116.11
At the moment, I have the branch office 5506 set up as a DHCP server. Client machines are predominantly Wyse Cx10 thin clients, which FTP down their config from the head office, then connect via RDP to a terminal server. The problem being reported back from user, is that sporadically, the Wyse devices are throwing up an error " DHCP lease expired", and punting the user out of their session. A reboot after a few minutes gets everything working. I am aware of how DHCP is supposed to work, and I cannot figure out what is wrong. There have only ever been about 5 devices inside of the network which would have requested an address, and 100 in the range, so it is not running out. Looking at a Windows machine shows a lease time of 60mins being doled out by the 5506, which for this scenario seems a bit short. So, questions:
1. Any idea why the normal DHCP lease renewal would not be working? 2. Is there any way that a longer lease time could be configured? An hour seems a bit short for this application, changing it to a month would probably be a functional workaround. 3. Is there any way of setting up a DHCP relay on the 5506? I would actually prefer the DHCP server to be centralised in the head office.
I know these devices are severely limited without a vFMC to control them, but changing the DHCP lease time and configuring a relay are the sorts of things that are normal on a $50 no name home router made a decade ago.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :