rob533
asked on
ASA 5505 Problems obtaining DHCP address from Verizon FIOS
Hello experts I hope you can help me with this problem!
I have obtained an ASA 5505 for my home network. I am unable to obtain a DHCP address on the outside interface from Verizon. I have cloned the mac address of the existing connection to VLAN 2, I bounced the ONT to release the IP. The existing connection is on a Cisco 1841 which I have no problem obtaining an IP. I even set dhcp-client client-id interface outside globally on the ASA hoping that would help. I have since reset the config back to the default. Does anyone have any suggestions on what to do next?
I have obtained an ASA 5505 for my home network. I am unable to obtain a DHCP address on the outside interface from Verizon. I have cloned the mac address of the existing connection to VLAN 2, I bounced the ONT to release the IP. The existing connection is on a Cisco 1841 which I have no problem obtaining an IP. I even set dhcp-client client-id interface outside globally on the ASA hoping that would help. I have since reset the config back to the default. Does anyone have any suggestions on what to do next?
SA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
monitor-interface inside
monitor-interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface outside
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:adc310c7f6df7a84bbfd606353f214ef
: end
asdm image disk0:/asdm-524.bin
no asdm history enable
ASKER
I am not sure what you mean by routers code. I have Verizon FIOS. I might need to put a sniffer on to see what it sends for the dhcp request.
In your description you said: "The existing connection is on a Cisco 1841 which I have no problem obtaining an IP."
If your Cisco 1841 gets an IP from your On-Premises router, then so should the ASA....
Did you get the FIOS Verizon default router or the 9100EM router?
If your Cisco 1841 gets an IP from your On-Premises router, then so should the ASA....
Did you get the FIOS Verizon default router or the 9100EM router?
ASKER
I have an actiontech as well, but only use that for video distribution. I think the main problem is I am unable to release the IP from the 1841. Somehow I need to break the DHCP lease, I think a call into Verizon may be the only way. So here is a snippet fro the config of the 1841 Fa0/0 interface.
interface FastEthernet0/0
description Link to Verizon 20/5
bandwidth 20000
ip address dhcp
ip access-group FROM-OUTSIDE in
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
duplex auto
speed auto
Is the dhcp address served up by the verizon router? Can you just power cycle that?
I'm having the same problem and I believe its because the ASA DHCP request times out before you receive a DHCP reply from the server. Perhaps there is a way to increase the DHCP client timeout value on the ASA
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Your config looks ok at a glance.
Can I see the router's code to see how it connects?
What kind of internet service do you have?