I've been running a Cisco ASA 5505 for quite some time and it has been running fine. Now all of a sudden it has started to renew its outside DHCP address about every 2 hours. I don't think it's the ISP, since I have another device connected to the same ISP, also using DHCP, and it doesn't renew itself; it's just the ASA. Rebooting it makes it pick up an address straight away. The interface seems to be up, the GUI just reports "no ip adress", and then the ASA gets a new IP after about 10-15 min without one. Pressing the renew IP address button in the GUI throws an error.
Any ideas what I could try?
Several questions for you.
1. Do you have any NAT statements to the external IP address of the outside interface? If so, you might want to think about using the "interface" command.
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
That way no matter what the IP address is of the outside interface, it always uses it.
2. If you look at the logs, is the outside interface flapping by any chance?
3. I guess it could also be a bug of some sort.
Thanks John for taking your time with my issue.
1. I have several NAT statements. I mainly use the GUI; I tried the commands but I couldn't get them to work.
2. It takes about 1 hour for something to happen. Can I filter the logs so I can capture only if the interface goes up and down? I was thinking maybe it was something wrong with the port itself, so I have changed the outside port from 0 to 1. When the interface doesn't have an IP, the status in the GUI under "interface status" is Line NA? and Link NA?
So you said you changed the outside interface from 0 to 1? Does the interface ever get an IP address from your service provider at all?
Yes, the interface gets an IP all the time from the ISP. The problem is that once every hour it seems to renew itself. I have 5 IP addresses from my ISP, so I have a Cisco E4200 Wi-Fi router connected to the same modem. The E4200 doesn't change IP. On top of that, I have about 5 minutes of downtime while renewing the IP.
I ran some command to show the setup for the interface and it showed a rebind every 40 minutes. It might be every 40 minutes that I get a renewed IP address.
I'll do some research when I get to work. There might be a setting you can change to fix this, or it could be a bug for all I know. We have an ASA 5505 but it's just used for a LAN-to-LAN VPN tunnel. I'm more used to 5510s and 5520s.
Providers often register the MAC address to which a public IP is provided. Other interfaces typically have a different MAC, which therefore ends up in some dynamic pool with a short age.
If this issue has begun after changing the interface, you may attempt to use the BIA address of the original interface.
Hello, I can't get to the page in your link, Igijssel. It was working fine for several months, and then without me doing anything it just started to change IP address every hour. I changed port thinking it might be a hardware failure on that port or something, but that didn't help. But it sort of got me thinking; checking the DHCP client lease information in ASDM for the outside interface is giving me:
Temp IP addre: 213.114.46.xx
Temp sub net mask: 255.255.192.0
DHCP lease server: xxxxxx
lease 3600 sec
renewal: 1800 sec
temp default gateway: xxxx
next timer fires after: 230 sec
Retry count: 4
Isn't it strange that the client_id is a name like that? Shouldn't that just be the MAC address? What about state? Rebinding??
Thanks for your link John, but that guy couldn't get an IP at all, I get plenty of them :-) They also say it's fixed in 7,2. I'm using ASA 8.4(1) with ASDM 6.4(1).
I have googled this problem for two days now and I still can't find a solution or how to troubleshoot it further. I have seen people talking about turning on debugging on DHCP, but they failed to describe how.
When I lose connectivity I can't even renew the IP manually through the GUI; I then get the error message:
[OK] Interface vlan2
[ERROR] dhcp client route distance 1
dhcp client route distance 1
ERROR: % Invalid input detected at '^' marker.
[OK] ip address dhcp setroute
[OK] dhcp-client client-id interface outside
Also, on my other router I can renew the IP and I always get the same IP. But if I renew the IP when everything is working with the Cisco ASA, then I get a new IP.
The lease info clearly shows the lease time is one hour, so the regular renewal is to be expected.
Perhaps it was not always like this?
Do you still have the IP address you had before this problem began?
Leases tend to be longer than this, unless you are not properly registered with the ISP.
It may be a problem with your provider having accidentally erased your data from their DHCP server.
The link points to the command reference for configuring a MAC address on an interface of the ASA.
Try to omit the word /partner from it, it'll probably work then.
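The timer behaviour behind the lease output discussed above, as an added example that is not part of any poster's message. It uses the lease (3600 s) and renewal (1800 s) values from the posted output; the rebinding default of 87.5% of the lease comes from RFC 2131, and all function names are hypothetical.

```python
from typing import NamedTuple, Optional

class Lease(NamedTuple):
    lease_s: int                  # lease duration granted by the server
    t1_s: Optional[int] = None    # renewal time T1 (DHCP option 58)
    t2_s: Optional[int] = None    # rebinding time T2 (DHCP option 59)

def timers(lease):
    """Return (T1, T2) in seconds; RFC 2131 defaults are 50% and 87.5% of the lease."""
    t1 = lease.t1_s if lease.t1_s is not None else lease.lease_s // 2
    t2 = lease.t2_s if lease.t2_s is not None else lease.lease_s * 7 // 8
    return t1, t2

def state_without_ack(lease, elapsed_s):
    """Client state elapsed_s seconds after the last DHCPACK, if no newer ACK arrived."""
    t1, t2 = timers(lease)
    if elapsed_s < t1:
        return "BOUND"
    if elapsed_s < t2:
        return "RENEWING"     # unicast DHCPREQUEST to the server that gave the lease
    if elapsed_s < lease.lease_s:
        return "REBINDING"    # broadcast DHCPREQUEST to any server
    return "EXPIRED"          # address is dropped; client starts over with DISCOVER

def cycle(lease, renew_answered, rebind_answered):
    """One lease cycle: (seconds until it is decided, address kept?)."""
    t1, t2 = timers(lease)
    if renew_answered:
        return t1, True       # lease extended at T1, no interruption
    if rebind_answered:
        return t2, True       # lease extended at T2, no interruption
    return lease.lease_s, False   # nobody answered: address lost at expiry

# Constructed from the values in the thread's lease output.
POSTED = Lease(lease_s=3600, t1_s=1800)

if __name__ == "__main__":
    print("T1, T2 =", timers(POSTED))
    for minute in (10, 40, 55, 60):
        print(f"{minute:>2} min without ACK:", state_without_ack(POSTED, minute * 60))
    print("renewal answered:", cycle(POSTED, True, True))
    print("nothing answered:", cycle(POSTED, False, False))
```

A client shown in the rebinding state has already passed T2 without an answer to its renewal requests, which is different from a routine renewal at T1 that keeps the same address with no downtime.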
First of all, thanks to everyone for taking their time with my issue. Now all of a sudden I lost my DHCP address on both of the routers. I called my ISP and they said they could see both my routers asking for an address. They recommended that I restart the modem; I did and now it works fine. If I renew the IP on both of the routers, I still have the same IP address, just like it's supposed to be, so I'm confident my IP won't change every hour now, even though it's still not confirmed.