10-22-2017 09:11 PM - edited 02-21-2020 06:33 AM
Hi.
I am rolling out some Cisco 5506 FTD devices to our remote offices. In the head office, we have an ASA5508-X, controlled by a vFMC, but for the remote sites I am just using the HTTPS-based configuration, directly on the device. All that the branch office devices need to do is connect to an ISP, bring up a VPN to the head office, and send all IP traffic down it. I also need to get an IP address to the devices inside of the branch office networks somehow. All devices are running FTD 6.2.0.0.
At the moment, I have the branch office 5506 set up as a DHCP server. Client machines are predominantly Wyse Cx10 thin clients, which FTP down their config from the head office, then connect via RDP to a terminal server. The problem being reported back from users is that, sporadically, the Wyse devices are throwing up an error "DHCP lease expired", and punting the user out of their session. A reboot after a few minutes gets everything working. I am aware of how DHCP is supposed to work, and I cannot figure out what is wrong. There have only ever been about 5 devices inside of the network which would have requested an address, and 100 in the range, so it is not running out. Looking at a Windows machine shows a lease time of 60 mins being doled out by the 5506, which for this scenario seems a bit short. So, questions:
1. Any idea why the normal DHCP lease renewal would not be working?
2. Is there any way that a longer lease time could be configured? An hour seems a bit short for this application, changing it to a month would probably be a functional workaround.
3. Is there any way of setting up a DHCP relay on the 5506? I would actually prefer the DHCP server to be centralised in the head office.
I know these devices are severely limited without a vFMC to control them, but changing the DHCP lease time and configuring a relay are the sorts of things that are normal on a $50 no-name home router made a decade ago.
10-23-2017 03:48 AM
Hello @itsupport
1. Any idea why the normal DHCP lease renewal would not be working?
For this one you could try to update the device driver or ask the vendor for support.
2. Is there any way that a longer lease time could be configured? An hour seems a bit short for this application, changing it to a month would probably be a functional workaround.
ASA allows for up to a 12-day lease. To change it, you need to use the command dhcpd lease 1048575 (time in seconds equivalent to 12 days).
3. Is there any way of setting up a DHCP relay on the 5506? I would actually prefer the DHCP server to be centralised in the head office.
Yes, you can. Use the following commands:
dhcprelay server "External DHCP IP Address" outside
dhcprelay enable inside
-If I helped you somehow, please, rate it as useful.-
10-23-2017 08:21 PM
The ASA 5506X are running FTD, rather than ASA software. I don't think that #2 and #3 are supported options.
10-25-2017 01:31 AM
They are supported. This is an ASA with FirePOWER?
Then you have the ASA firmware 9.x something, I would assume, with FirePOWER analyzing traffic through the management port?
10-25-2017 01:40 AM
No, this device is NOT running ASA with FirePOWER. It is running Firepower Threat Defense. Quite different.
11-02-2017 09:25 PM
Just in case anyone is interested, I logged a call with TAC over this. Response was that the DHCP lease is fixed at one hour, and cannot be changed. :(