Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA In Transparent LAN Active/Standby Failover Not Passing DHCP

Am I missing something here?

interface GigabitEthernet0/0

nameif outside

security-level 0

!

interface GigabitEthernet0/1

nameif inside

security-level 100

!

interface GigabitEthernet0/3

description LAN Failover Interface

!

access-list OutsideIN extended permit ip any any

access-list OutsideINe ethertype permit any

ip address 192.168.1.250 255.255.255.0 standby 192.168.1.251

failover

failover lan unit primary

failover lan interface FAILINT GigabitEthernet0/3

failover key *****

failover interface ip FAILINT 10.99.99.10 255.255.255.248 standby 10.99.99.11

access-group OutsideINe in interface outside

access-group OutsideIN in interface outside

I get this message in SYSLOG:

%ASA-7-710005: UDP request discarded from 0.0.0.0/68 to inside:255.255.255.255/67

1 REPLY
Silver

Re: ASA In Transparent LAN Active/Standby Failover Not Passing D

This message appears when the Cisco ASA does not have a UDP server that services the UDP request. The message can also indicate a TCP packet that does not belong to any session on the Cisco ASA . In addition, this message appears (with the service snmp) when the Cisco ASA receives an SNMP request with an empty payload, even if it is from an authorized host. When the service is snmp, this message occurs a maximum of 1 time every 10 seconds so that the log receiver is not overwhelmed.

The issue can besolved by networks that heavily utilize broadcasting services such as DHCP, RIP or NetBios, the frequency of this message can be high. If this message appears in excessive number, it may indicate an attack.

455
Views
0
Helpful
1
Replies
CreatePlease login to create content