Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DHCP problem on the ASA

I have a strange situation,

one of my customer is experiencing an issue which relates to DHCP on an ASA

The ASA is currently on 8.4.(4), problem he is facing is when a Client (I Phone or IPAD)

try to connect, intermittent they doesn’t get the IP address assign from the DHCP server.

Only the wlan controller receives an address

Unfortunately I cannot provide lot of details regarding the Pcaps or show run.

Anyone had same kind of issue previously

Everyone's tags (3)
7 REPLIES
New Member

Re: DHCP problem on the ASA

I upgraded three ASAs (1 5505 and two 5510) to 8.4(4)3 and on all three ASAs which were providing DHCP services to connected networks stopped working. Users could not get DHCP addresses from the ASAs running 8.4.4.3.

I did packet captures from the desktop, basically I see the DHCP requests leaving the desktop, but no replies from the ASA.

I downgraded the ASA to 8.4(4)1 and DHCP immediately starting working again.

I rolled back to 8.4.4.3. DHCP failed again. Downgraded the ASA to 8.4.4.1, then DHCP started working again.

Looks like a bug with ASA 8.4.4.3 and DHCP.

So I'm sticking with 8.4.4.1 for now.

Sent from Cisco Technical Support iPhone App

New Member

Re: DHCP problem on the ASA

Hi Martinez-adrina

Thanks for the reply, unfortunately my customer is also on the 8.4(4).1

So no luck there either. But thank you for your reply.

With kind regards,

lancellot

New Member

DHCP problem on the ASA

I had a similar problem with VPN clients not receiving an IP address from DHCP after upgrading from 8.4(2) to 8.4(5).  I went back and forth with TAC for a few weeks and we narrowed it down to an identity NAT (nat exemption) statement for the VPN clients that required the route-lookup option to be checked.

New Member

DHCP problem on the ASA

I had the same issue when upgradeing from 8.4(2) to 8.4(5).  I had to add the route-lookup AND disable proxy-arp on my identity NATs to resovle the issue.

New Member

DHCP problem on the ASA

I have an issue which may be related.

After having changed the internal gateway equipment, the DHCP requests emitted by the ASA remain to the removed gateway interface MAC address whereas the ASA makes ARP requests and gets the new GW interface MAC address correctly.

New Member

Re: DHCP problem on the ASA

Hi Joan

Did you get the dhcp issue fixed?

We are having the excact same problem on version 8.3(2)4.

The ASA's are connected to a gateway cluster. When a fail over occurs in the cluster, all arp tables are updated on the ASA's.  DHCP requests from vpn clients to an internal DHCP server, are still  being sent to the mac address of the old gateway interface, even though  the arp tables has been updated with the new mac address.

It seems that the dhcp realy/proxy function is using old cashed information instead of the arp table.

Regards

Anders

New Member

Re: DHCP problem on the ASA

Hi Anders,

Here is the link to the BugID:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCty13865

Still not fixed for the moment.

The work-arounds are:

- disconnect all the remote access sessions issuing the command 'vpn-sessiondb logoff'

or

- reboot the ASA.

For my part, as I am working with ASA in failover, I have failed over to the standby (secondary) unit, then I have rebooted the primary unit.

Regards,

Joan

1605
Views
0
Helpful
7
Replies
CreatePlease login to create content