Solved

ASA 5505 Problems obtaining DHCP address from Verizon FIOS

Posted on 2009-05-08
9
1,363 Views
Last Modified: 2012-05-06
Hello experts I hope you can help me with this problem!

I have obtained an ASA 5505 for my home network.  I am unable to obtain a DHCP address on the outside interface from Verizon.  I have cloned the mac address of the existing connection to VLAN 2, I bounced the ONT to release the IP.  The existing connection is on a Cisco 1841 which I have no problem obtaining an IP.  I even set dhcp-client client-id interface outside globally on the ASA hoping that would help.  I have since reset the config back to the default.  Does anyone have any suggestions on what to do next?
SA Version 7.2(4) 

!

hostname ciscoasa

domain-name default.domain.invalid

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Vlan1

 nameif inside

 security-level 100

 ip address 192.168.1.1 255.255.255.0 

!

interface Vlan2

 nameif outside

 security-level 0

 ip address dhcp setroute 

!

interface Ethernet0/0

 switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

ftp mode passive

dns server-group DefaultDNS

 domain-name default.domain.invalid

pager lines 24

logging asdm informational

mtu inside 1500

mtu outside 1500

no failover

monitor-interface inside

monitor-interface outside

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-524.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

dhcp-client client-id interface outside

dhcpd auto_config outside

!

dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd enable inside

!
 

!

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map 

  inspect ftp 

  inspect h323 h225 

  inspect h323 ras 

  inspect rsh 

  inspect rtsp 

  inspect esmtp 

  inspect sqlnet 

  inspect skinny 

  inspect sunrpc 

  inspect xdmcp 

  inspect sip 

  inspect netbios 

  inspect tftp 

!

service-policy global_policy global

prompt hostname context 

Cryptochecksum:adc310c7f6df7a84bbfd606353f214ef

: end

asdm image disk0:/asdm-524.bin

no asdm history enable

Open in new window

0
Comment
Question by:rob533
9 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 24375647
The IP ADDRESS DHCP SETROUTE is all you needed to add to be a DHCP client...     here's the doc to back that up: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806c1cd5.shtml#asdmclient

Your config looks ok at a glance.      

Can I see the router's code to see how it connects?  

What kind of internet service do you have?


0
 

Author Comment

by:rob533
ID: 24375848
I am not sure what you mean by routers code.  I have Verizon FIOS.  I might need to put a sniffer on to see what it sends for the dhcp request.  
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24377096
In your description you said: "The existing connection is on a Cisco 1841 which I have no problem obtaining an IP."

If your Cisco 1841 gets an IP from your On-Premises router, then so should the ASA....  

Did you get the FIOS Verizon default router or the 9100EM router?
0
 

Author Comment

by:rob533
ID: 24377316
I have an actiontech as well, but only use that for video distribution.  I think the main problem is I am unable to release the IP from the 1841.  Somehow I need to break the DHCP lease, I think a call into Verizon may be the only way.  So here is a snippet fro the config of the 1841 Fa0/0 interface.
interface FastEthernet0/0

 description Link to Verizon 20/5

 bandwidth 20000

 ip address dhcp

 ip access-group FROM-OUTSIDE in

 ip nbar protocol-discovery

 ip flow ingress

 ip flow egress

 ip nat outside

 ip inspect SDM_LOW out

 ip virtual-reassembly

 duplex auto

 speed auto

Open in new window

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 33

Expert Comment

by:MikeKane
ID: 24385598
Is the dhcp address served up by the verizon router?  Can you just power cycle that?
0
 

Expert Comment

by:ncisupport
ID: 25341429
I'm having the same problem and I believe its because the ASA DHCP request times out before you receive a DHCP reply from the server.  Perhaps there is a way to increase the DHCP client timeout value on the ASA
0
 

Accepted Solution

by:
rob533 earned 0 total points
ID: 25347898
I fixed this myself.  I had to unplug the Verizon supplied router for about 30 minutes to 1 hour for the lease to expire.  If that does not work unplug your ONT from both the outlet and battery backup.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36908461
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
stacking switches 2 45
RDP on 4321 Router 33 49
Using VLAN Interface in ASA 5 21
VTP / VLANs and Sub-Interfaces 4 25
Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now