I have a strange issue happening with DHCP on two 5510 ASAs running 8.4. We have AnyConnect profiles set up to point DHCP to separate Windows Server 2008 R2 DHCP servers. The pools are set up with the standard 8 day lease. The behavior we've noticed is that when a client connects with AnyConnect it pulls the first available IP address. Upon disconnecting, the lease is immediately removed from the Lease List. I set up a 5505 ASA as a test and I am using version 9.1 code. I am seeing the same situation. Upon disconnecting, the lease is released. I have scoured the internet trying to find a resolution to the problem and I have seen others post the same problem. The common denominator is they are using a Cisco ASA for SSL VPN. Does anyone have any ideas or suggestions on how to fix this?
On the 5505 ASA I am setting DHCP as follows using ASDM:
Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles > Select my Profile > Edit > Under Client Address Assignment I'm putting in my DHCP server IP address and selecting the DHCP Link radio button.
The good news: I submitted a bug fix/request for this, and Cisco is aware of the issue. We have our Cisco account reps on our side and I'm signed up to receive updates on the progress of the issue/resolution.
The bad news: Cisco was not able to give us an ETA for the bug fix.
So like everyone else we are hanging in the dead cold water too...
Sorry guys, I never got a resolution for this; it wreaks havoc with DNS. We tuned our DNS server so we don't have so many duplicates, but were still having caching issues with client hostnames matching up to the wrong machine. We had to move back to DHCP pools on the local ASAs; we've had so many problems.
We are having the same exact issue with our ASA for AnyConnect clients. This happens when the ASA is set up to hand out addresses directly from the ASA DHCP pool, or when configured as a DHCP relay with our InfoBlox DHCP server. It will grab an address from DHCP, and when disconnecting and reconnecting, it will grab a new DHCP address, and the process repeats with every disconnect and reconnect.