
PIX and 851 reject DHCP

jarmentrout
Level 1

We have a remote site for telemetry and we have been using Wildblue satellite internet; it is a standard DOCSIS modem with Ethernet and DHCP.

We have a PIX 501 there and it uses DHCP to acquire an address, with a VPN tunnel back to HQ.

We can no longer acquire an IP address from Wildblue; if you connect a PC or a cheap Linksys router to the modem, it will acquire an address.

Here is the debug from the PIX:

DHCP: SDiscover: sending 278 byte length DHCP packet

DHCP: SDiscover 278 bytes

DHCP Broadcast to 255.255.255.255 from 0.0.0.0

DHCP client msg received, fip=70.41.148.1, fport=67

DHCP: Received a BOOTREP pkt Not for us..: xid: 0x28142990

DHCP client msg received, fip=70.41.148.1, fport=67

DHCP: Received a BOOTREP pkt Not for us..: xid: 0x13C680dhcpc_discover_pkt: proto = 0x11, lp = 0x44

DHCP client msg received, fip=70.41.148.1, fport=67

DHCP: Received a BOOTREP pkt

DHCP: Scan: Message type: DHCP Offer

DHCP: Scan: Subnet Address Option: 255.255.252.0

DHCP: Scan: DNS Name Server Option: 12.189.32.61

DHCP: Scan: Domain Name: wildblue.com

DHCP: Scan: NBNS Name Server Option: 127.0.0.1

DHCP: Scan: Router Address Option: 70.41.148.1

DHCP: Scan: Lease Time: 43200

DHCP: Scan: Renewal time: 21600

DHCP: Scan: Rebind time: 37800

DHCP: Scan: Server ID Option: 10.245.40.14 = E28F50A

DHCP: Scan: found option 4: data length = 4 (bytes) data = 0x 0a f5 28 0e

DHCP: Scan: found option 43: data length = 20 (bytes) data = 0x 66 0b 42 30 30 30 33 37 47 30 30 30 32 65 05 56 61 6c 75 65

DHCP: rcvd pkt source: 70.41.148.1, destination: 70.41.150.60

UDP sport: 67, dport: 68, length: 355

DHCP op: 0x2, htype: 0x1, hlen: 6, hops: 0

DHCP server identifier: 10.245.40.14

xid: 0x18B9D, secs: 0, flags: 0x0

client: 0.0.0.0, your: 70.41.150.60

srvr: 10.245.40.11, gw: 70.41.148.1

options block length: 107

We also tried an 851 router, and here is the debug:

.Apr 14 00:48:43.691: DHCP: Received a BOOTREP pkt Not for us..: xid: 0xDAA36F8

.Apr 14 00:48:44.959: DHCP: Received a BOOTREP pkt Not for us..: xid: 0x203618

.Apr 14 00:48:45.955: DHCP: Received a BOOTREP pkt Not for us..: xid: 0xDBF880

.Apr 14 00:48:46.187: DHCP: Received a BOOTREP pkt

.Apr 14 00:48:46.187: DHCP: Scan: Message type: DHCP Offer

.Apr 14 00:48:46.187: DHCP: Scan: Subnet Address Option: 255.255.252.0

.Apr 14 00:48:46.187: DHCP: Scan: DNS Name Server Option: 12.189.32.61

.Apr 14 00:48:46.187: DHCP: Scan: Domain Name: wildblue.com

.Apr 14 00:48:46.187: DHCP Offer Message Offered Address: 70.41.148.207

.Apr 14 00:48:46.187: DHCP: Lease Seconds: 43200 Renewal secs: 21600 Rebind secs: 37800

.Apr 14 00:48:46.191: DHCP: Server ID Option: 10.245.40.14

.Apr 14 00:48:46.191: DHCP: offer received from 10.245.40.14

.Apr 14 00:48:46.191: DHCP: offer received in bad state: Purging punt

.Apr 14 00:48:46.391: DHCP: Received a BOOTREP pkt Not for us..: xid: 0xD0BD81

.Apr 14 00:48:46.451: DHCP: Received a BOOTREP pkt Not for us..: xid: 0x2E263580

.Apr 14 00:48:47.583: DHCP: Received a BOOTREP pkt Not for us..: xid: 0xD7D4AF8

.Apr 14 00:48:50.163: DHCP: Received a BOOTREP pkt Not for us..: xid: 0x147D124
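
The DHCP Offer in the PIX debug above carries option 43 (vendor-specific information) as raw hex. As an added example, not part of the original post, this Python decodes that dump as RFC 2132 encapsulated code/length/value sub-options; what each sub-option means is vendor-defined and not stated in the thread, and the function names are this example's own.

```python
import re

# Constructed sample: the option 43 line from the PIX debug, wrapped line rejoined.
DEBUG_LINE = (
    "DHCP: Scan: found option 43: data length = 20 (bytes) data = 0x "
    "66 0b 42 30 30 30 33 37 47 30 30 30 32 65 05 56 61 6c 75 65"
)

OPTION_RE = re.compile(
    r"found option (\d+): data length = (\d+) \(bytes\) data = 0x((?: [0-9a-fA-F]{2})+)"
)


def parse_debug_option(line):
    """Return (option_code, payload) from a 'found option N' debug line."""
    m = OPTION_RE.search(line)
    if not m:
        raise ValueError("not an option dump line")
    payload = bytes.fromhex(m.group(3))  # fromhex ignores the spaces
    if len(payload) != int(m.group(2)):
        raise ValueError("declared length does not match the dumped bytes")
    return int(m.group(1)), payload


def decode_suboptions(payload):
    """Walk code/length/value sub-options, refusing a length that overruns."""
    subopts, i = [], 0
    while i < len(payload):
        code = payload[i]
        if code == 0:      # pad byte, no length field
            i += 1
            continue
        if code == 255:    # end marker
            break
        if i + 1 >= len(payload):
            raise ValueError(f"sub-option {code} has no length byte")
        length = payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns the option")
        subopts.append((code, value))
        i += 2 + length
    return subopts


if __name__ == "__main__":
    option, payload = parse_debug_option(DEBUG_LINE)
    for code, value in decode_suboptions(payload):
        print(f"option {option} sub-option {code}: {value!r}")
```
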


Brandon Buffin
VIP Alumni

Does your provider use PPPoE? If so, you will need to set up your PIX/851 to authenticate to their network. Please see the links below.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb729.html#wp1037306

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093fbf.shtml

Hope this helps.

Brandon

No, my provider does not use PPPoE, it is DHCP.

Hello,

try and power everything off for about 10 minutes (modem/PIX/router), then power everything on again. The problem is likely with WildBlue, have you had a chance to talk to them already?

Regards,

GNT

Yes, I have tried doing that already, even for hours, and also tried leaving the PIX on to see if it acquires an address after being on for a while, and still no go. It does appear the problem is on Wildblue, but I don't understand why the PIX is picky.

Trying to talk to someone at Wildblue that has a clue seems impossible.

You can use PPPoE and DHCP together. I have a site with a DSL connection where the provider uses PPPoE. My router pulls an address through DHCP. By default, your modem performs the PPPoE negotiation, but this would not work with the 2821 router that I use. I ended up having to put the modem in bridge mode (you should be able to get info on the steps from the modem manufacturer) and let the 2821 perform the PPPoE.

Hope this helps.

Brandon

Hello Jason,

doesn't WildBlue use MAC address verification? I don't think the PIX has support for MAC address cloning, but you could try and configure:

mac-address-table static interface_name mac_address

using the MAC address of the PC or the Linksys router that work and do get an IP address.

I am thinking that WildBlue should at least be able to verify which MAC address is registered with them...but from what you are saying, that appears to be a problem...

Regards,

GNT
