v0r73x asked:

Configuring Cisco ASA 5510 as a basic router

Ok I'm trying to set up a Cisco ASA 5510 as a fairly basic Firewall Gateway but it doesn't seem to like me.

I've run through the ASDM interface and configured as far as I can see all the basics. So here's what I have so far:

E0/0 Outside interface 66.77.88.99/27
E0/1 Inside interface 192.168.5.254/24
E0/5 Management interface 192.168.100.1/24

Static route 0.0.0.0 0.0.0.0 Outside interface 66.77.88.88

DHCP is coming from a Windows Server as is DNS. This is where I seem to have the problem, if I assign a static IP to a client internet works fine. If I try to obtain a DHCP address it fails and doesn't receive the traffic (as far as I can tell as if I plug in a basic Netgear it all works). I don't really understand why as the clients+server are in the same switch so the Cisco should only be looking at traffic going from its LAN interface out to the WAN interface. Any help or basic configs I can try greatly appreciated.
Tags: Cisco, Routers, Hardware Firewalls

ck459

Can you attach your config, and tell what the ip address of the DHCP server is?

BBRazz

As per ck459's post,

Can we see your config?

Also, can you add the IPCONFIG /all information of a client on DHCP?

v0r73x

ASKER

Hi, sorry for the delay, back onsite now so have grabbed the config as below, external IPs changed for security but otherwise it's untouched.
Result of the command: "show run"
 
: Saved
:
ASA Version 8.0(2) 
!
hostname CiscoASA
domain-name domainname.local
enable password ILK/PNop1C1uNCLy encrypted
names
!
interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address 77.88.99.11 255.255.255.224 
!
interface Ethernet0/1
 nameif LAN
 security-level 50
 ip address 192.168.50.254 255.255.255.0 
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.100.1 255.255.255.0 
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
 domain-name alchemypartners.local
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_SERVICE_1
 service-object icmp echo
 service-object icmp echo-reply
 service-object tcp-udp eq domain 
access-list management_nat0_outbound extended permit ip 192.168.50.0 255.255.255.0 192.168.1.0 255.255.255.0 
access-list WAN_1_cryptomap extended permit ip 192.168.50.0 255.255.255.0 192.168.1.0 255.255.255.0 
access-list LAN_access_in extended permit ip any any 
access-list LAN_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any 192.168.50.0 255.255.255.0 
access-list LAN_access_in extended permit object-group DM_INLINE_PROTOCOL_2 192.168.50.0 255.255.255.0 any 
access-list WAN_access_in extended permit object-group DM_INLINE_SERVICE_1 any 77.88.99.11 255.255.255.224 
pager lines 24
logging enable
logging asdm informational
mtu WAN 1500
mtu LAN 1478
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any LAN
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (WAN) 101 interface
nat (LAN) 101 0.0.0.0 0.0.0.0
nat (management) 0 access-list management_nat0_outbound
access-group WAN_access_in in interface WAN
access-group LAN_access_in in interface LAN
route WAN 0.0.0.0 0.0.0.0 77.88.99.12 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.100.0 255.255.255.0 management
http 192.168.50.0 255.255.255.0 LAN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto map WAN_map 1 match address WAN_1_cryptomap
crypto map WAN_map 1 set pfs 
crypto map WAN_map 1 set peer 11.22.33.44 
crypto map WAN_map 1 set transform-set ESP-3DES-SHA
crypto map WAN_map interface WAN
crypto isakmp enable WAN
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
telnet 192.168.50.0 255.255.255.0 LAN
telnet 192.168.100.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
console timeout 0
management-access management
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
group-policy 11.22.33.44 internal
group-policy 11.22.33.44 attributes
 vpn-tunnel-protocol IPSec 
tunnel-group 11.22.33.44 type ipsec-l2l
tunnel-group 11.22.33.44 ipsec-attributes
 pre-shared-key *
prompt hostname context 
Cryptochecksum:e5a2864f8300aaeefec46767308b2423
: end

v0r73x

ASKER

Ipconfig /release & /renew with the Cisco in use -

An error occurred while renewing interface Local Area Connection : unable to contact your DHCP server. Request has timed out.

ipconfig /all

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-A0-D1-C6-EC-C9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2074:b94b:b5ab:2fca%8(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.47.202(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

ck459

Can you also include an ipconfig /all? I would like to see the settings you are receiving from your DHCP server. Do you get 192.168.50.254 as your default gateway, and what do you receive as DNS server?
Also, try pinging 194.7.1.4 (public IP on the internet that can be reached via ping),
then try to ping www.google.com (will not reply, but should give an IP address next to the domain name).

ASKER CERTIFIED SOLUTION
ck459

SOLUTION
BBRazz

v0r73x

ASKER

That's what I would have thought but it only occurs when the Cisco is plugged in?

I'm running a Draytek 2820 at the moment as a quick fix - the Cisco/Draytek plug in to the exact same port with the exact same IP when I switch them over. Draytek works Cisco doesn't hence the config check??

The DHCP server plugs directly in to the switch and the Cisco then in to the same switch, I can't see how the Cisco could cause the issue but it only occurs when it's in use. Is the above config appropriate for the stated use? If so I'll have to start looking at other possible problems :S

v0r73x

ASKER

Ok just quickly double checked and a little more confused now so I'm hoping it's something stupid. When the Cisco is used the server can access the internet as it has a static IP (so I assumed this was why it was ok).

I've tried with a client plugged directly into the switch - it receives no DHCP as stated but even assigning a static IP I can't ping anything externally - I can ping the server IP and the Cisco IP

ck459

If you unplug the Cisco ASA, and only leave the client and the DHCP server connected to the switch, do you get an IP address then? So don't connect any of your FW, but only the client and the server.

v0r73x

ASKER

Ok it was a mix of my stupidity and a possible Microsoft oversight?

I removed both the routers and as you'd expect from your comments there was in fact no DHCP running (I had forgotten to disable it on the Draytek after I'd had some issues). There was no DHCP running because after installing Hyper-V on 2008 it no longer sees the physical network adapter and so is no longer bound to it. After editing the registry key for the adapter to enter its IP again DHCP sees the adapter and all's well.

Sorry for the wasted time :)
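
The evidence posted in this thread can be cross-checked mechanically. The following is an added example, not code from any participant in the thread: it reads the interface stanzas of an ASA "show run", checks whether the firewall is acting as a DHCP server (`dhcpd enable`) or relay (`dhcprelay enable`), and classifies a client address such as the 169.254.x.x one from the ipconfig post. The function names and result labels are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: lines copied from the "show run" output posted in the thread.
SHOW_RUN = """\
interface Ethernet0/0
 nameif WAN
 ip address 77.88.99.11 255.255.255.224
!
interface Ethernet0/1
 nameif LAN
 ip address 192.168.50.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no ip address
!
nat (LAN) 101 0.0.0.0 0.0.0.0
route WAN 0.0.0.0 0.0.0.0 77.88.99.12 1
"""

def parse_interfaces(config):
    """Map each nameif to its address/mask; stanzas without both are skipped."""
    found, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = None                      # new stanza, forget the previous nameif
        elif m := re.match(r"\s+nameif (\S+)", line):
            name = m.group(1)
        elif name and (m := re.match(r"\s+ip address (\S+) (\S+)", line)):
            found[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def dhcp_roles(config):
    """DHCP roles enabled on the ASA: 'dhcpd enable' (server), 'dhcprelay enable' (relay)."""
    return [role for role, cmd in (("server", "dhcpd"), ("relay", "dhcprelay"))
            if re.search(rf"^{cmd} enable \S+", config, re.M)]

def diagnose(config, client_ip, lan_name="LAN"):
    """Classify a client address against the ASA's LAN subnet and DHCP roles."""
    ip = ipaddress.ip_address(client_ip)
    if ip.is_link_local:                     # 169.254.0.0/16: no DHCP offer arrived
        return "check-asa-dhcp" if dhcp_roles(config) else "check-dhcp-server"
    lan = parse_interfaces(config).get(lan_name)
    if lan is None:
        return "no-lan-interface"
    return "on-lan-subnet" if ip in lan.network else "wrong-subnet"

if __name__ == "__main__":
    print(parse_interfaces(SHOW_RUN))
    print(diagnose(SHOW_RUN, "169.254.47.202"))   # address from the ipconfig post
```

With the posted config the result points at the DHCP server rather than the firewall, which matches the resolution in the final post.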