Solved

ASA 5505 Problems obtaining DHCP address from Verizon FIOS

Posted on 2009-05-08
9
1,408 Views
Last Modified: 2012-05-06
Hello experts I hope you can help me with this problem!

I have obtained an ASA 5505 for my home network.  I am unable to obtain a DHCP address on the outside interface from Verizon.  I have cloned the mac address of the existing connection to VLAN 2, I bounced the ONT to release the IP.  The existing connection is on a Cisco 1841 which I have no problem obtaining an IP.  I even set dhcp-client client-id interface outside globally on the ASA hoping that would help.  I have since reset the config back to the default.  Does anyone have any suggestions on what to do next?
SA Version 7.2(4) 
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute 
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
monitor-interface inside
monitor-interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface outside
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
!
 
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny 
  inspect sunrpc 
  inspect xdmcp 
  inspect sip 
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:adc310c7f6df7a84bbfd606353f214ef
: end
asdm image disk0:/asdm-524.bin
no asdm history enable

Open in new window

0
Comment
Question by:rob533
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 24375647
The IP ADDRESS DHCP SETROUTE is all you needed to add to be a DHCP client...     here's the doc to back that up: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806c1cd5.shtml#asdmclient

Your config looks ok at a glance.      

Can I see the router's code to see how it connects?  

What kind of internet service do you have?


0
 

Author Comment

by:rob533
ID: 24375848
I am not sure what you mean by routers code.  I have Verizon FIOS.  I might need to put a sniffer on to see what it sends for the dhcp request.  
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24377096
In your description you said: "The existing connection is on a Cisco 1841 which I have no problem obtaining an IP."

If your Cisco 1841 gets an IP from your On-Premises router, then so should the ASA....  

Did you get the FIOS Verizon default router or the 9100EM router?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:rob533
ID: 24377316
I have an actiontech as well, but only use that for video distribution.  I think the main problem is I am unable to release the IP from the 1841.  Somehow I need to break the DHCP lease, I think a call into Verizon may be the only way.  So here is a snippet fro the config of the 1841 Fa0/0 interface.
interface FastEthernet0/0
 description Link to Verizon 20/5
 bandwidth 20000
 ip address dhcp
 ip access-group FROM-OUTSIDE in
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 duplex auto
 speed auto

Open in new window

0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24385598
Is the dhcp address served up by the verizon router?  Can you just power cycle that?
0
 

Expert Comment

by:ncisupport
ID: 25341429
I'm having the same problem and I believe its because the ASA DHCP request times out before you receive a DHCP reply from the server.  Perhaps there is a way to increase the DHCP client timeout value on the ASA
0
 

Accepted Solution

by:
rob533 earned 0 total points
ID: 25347898
I fixed this myself.  I had to unplug the Verizon supplied router for about 30 minutes to 1 hour for the lease to expire.  If that does not work unplug your ONT from both the outlet and battery backup.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36908461
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month4 days, left to enroll

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question