Cisco Support Community
ASA 5505 doing DHCP and WAP doing DHCP Communication issues

Hey guys! I am new to this discussion area and I have an issue I would love some assistance with. I'll draw a small diagram and attach my config.

DIAGRAM

--- (Comcast) --> F0/1 [ASA 5505] F0/2-7 <-------> [Netgear Switch] <----> WAN Port [Linksys E3000]

I created VLAN 1 for the Interior Network with address pool 10.0.0.2-10.0.0.33.

Port F0/1 is dhcp setroute

Port F0/2-F0/7 are on VLAN 1

The ASA address on the Interior Network is 10.0.0.1

VPN Pool from 10.0.1.2-10.0.1.11 that connects to the ASA remotely

WLAN Pool from 10.0.2.2-10.0.2.50 given through DHCP on the E3000

The address assigned to the Linksys E3000 is 10.0.0.3 plugged directly into the ASA 5505

ISSUES

I am not able to communicate from 10.0.0.x to 10.0.1.x (except for pings)

I am not able to communicate at all from 10.0.0.x to 10.0.2.x

I am able to communicate from 10.0.1.x to 10.0.0.x with only pings, telnet, and asdm

I am able to fully communicate from 10.0.2.x to 10.0.0.x

I have not tried 10.0.2.x to 10.0.1.x, but my assumption is it would be full.

WANTS

I would like to be able to get DHCP from my ASA to the 10.0.0.x and 10.0.1.x network AND

I would like to be able to get DHCP from my Linksys E3000 to the 10.0.2.x network

For all communication from all subnets for TCP, IP, UDP, etc.

WORK-AROUND

I know it works if I run a cross-over from the ASA to E3000 because the ASA will be doing DHCP to every device. But, I won't have the 10.0.2.x network and I will also be limited to 32 DHCP clients.

Here is my config. Thanks in advance for all the help.

FULL CONFIG

ASA Version 8.2(2)
!
hostname Michaels-ASA-5505
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa822-k8.bin
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 75.75.75.75
 name-server 75.75.76.76
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.2.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.2.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list VPN extended permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list VPN extended permit ip any 10.0.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool_fixed 10.0.1.2-10.0.1.11 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.0.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
[RETRACTED IPSEC INFORMATION]
vpn-addr-assign local reuse-delay 5
telnet 10.0.0.0 255.255.255.0 inside
telnet 10.0.1.0 255.255.255.0 inside
telnet 10.0.2.0 255.255.255.0 inside
telnet timeout 30
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns 75.75.75.75 75.75.76.76
dhcpd auto_config outside
dhcpd update dns
!
dhcpd address 10.0.0.2-10.0.0.33 inside
dhcpd dns 75.75.75.75 75.75.76.76 interface inside
dhcpd enable inside
!
[RETRACTED VPN PROFILE INFO FOR SECURITY REASONS]*
!
class-map inspection_default
 match default-inspection-traffic
!
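
Added example, not part of the original post: a small Python check over the routing-relevant lines of the posted configuration, reporting how each of the three subnets is covered (connected interface, VPN pool, or static `route` line). The excerpt is copied from the post; the function names and the choice to read only these three line types are assumptions of this example.

```python
import ipaddress
import re

# Excerpt copied from the configuration in the post (only the lines this check reads).
POSTED_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 10.0.0.1 255.255.255.0
interface Vlan2
 nameif outside
 ip address dhcp setroute
ip local pool vpnpool_fixed 10.0.1.2-10.0.1.11 mask 255.255.255.0
"""
SUBNETS = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]  # the subnets named in the post


def known_networks(config):
    """Return [(network, how)] for connected, VPN-pool and static-route entries."""
    found, nameif = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("nameif "):
            nameif = line.split()[1]
        elif m := re.match(r"ip address (\d\S+) (\d\S+)", line):
            net = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            found.append((net, f"connected ({nameif})"))
        elif m := re.match(r"ip local pool (\S+) (\d\S+?)-\S+ mask (\d\S+)", line):
            net = ipaddress.ip_interface(f"{m[2]}/{m[3]}").network
            found.append((net, f"vpn pool ({m[1]})"))
        elif m := re.match(r"route (\S+) (\d\S+) (\d\S+) (\d\S+)", line):
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}")
            if net.prefixlen:  # a default route is not a specific route
                found.append((net, f"static via {m[4]} ({m[1]})"))
    return found


def classify(config, subnets=SUBNETS):
    """Map each subnet to how the config covers it, or 'no specific route'."""
    nets = known_networks(config)
    result = {}
    for s in subnets:
        target = ipaddress.ip_network(s)
        hits = [how for net, how in nets if target.subnet_of(net)]
        result[s] = hits[0] if hits else "no specific route"
    return result


if __name__ == "__main__":
    for subnet, how in classify(POSTED_CONFIG).items():
        print(f"{subnet:14} {how}")
```

As posted, the configuration contains no `route` line for 10.0.2.0/24, which is what the check reports for that subnet.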

