DHCP Errors post firewall replacement

Hi

Ideas why I am seeing bad IP addresses in the DHCP servers at our 2nd site?

We have replaced a like-for-like Cisco ASA 5505 firewall.

Ideas?

Asked by: CHI-LTD

TimotiSt (Datacenter Technician) commented:
Configuration and firmware version are the same?

CHI-LTD (Author) commented:
This hasn't been set up by us, but by our managed provider.

I think they copied the config from the old firewall and uploaded it.
Firmware is newer, I think.

rauenpc commented:
If they simply copied the config, there might be default config left behind. By default the ASAs have a DHCP server configured so that you can plug in on initial boot and use the ASDM. If a simple copy-paste was done, it's unlikely that there were any commands in place to remove the default DHCP server configuration. This could mean that many of your clients are receiving an IP from the firewall, and some from the server. Since the server knows nothing about the firewall's leases, all it can do is reactively mark IPs as BAD_ADDRESS, meaning that it's a bad address to hand out via DHCP because a device is already using the address. Have your managed provider check if the ASA is handing out an IP it's not supposed to.

The other check you can do would be to stop the DHCP server service, and try to obtain an IP. If you do, you will also see which IP is the DHCP server, which can't be your server.
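
The check described in the answer above (seeing which server actually answers a DHCP request), as an added example that is not part of the original thread: it parses DHCP replies and reports any server identifier (option 54) that is not on the authorized list. The addresses, the sample packets and the function names are constructed for illustration; real payloads would come from a packet capture on the client network.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options
OFFER, ACK = 2, 5                    # option 53 message types sent by servers

def parse_dhcp_reply(payload):
    """Return (msg_type, server_id, yiaddr) for a DHCP reply, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None                  # not a BOOTREPLY with DHCP options
    yiaddr = str(ipaddress.IPv4Address(payload[16:20]))  # address handed out
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:        # 255 = end option
        if payload[i] == 0:                              # 0 = pad, no length
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                                        # truncated option
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:                   # message type
            msg_type = data[0]
        elif code == 54 and length == 4:                 # server identifier
            server_id = str(ipaddress.IPv4Address(data))
        i += 2 + length
    return msg_type, server_id, yiaddr

def find_rogue_servers(payloads, authorized):
    """Map each unauthorized server identifier to the addresses it leased."""
    rogue = {}
    for msg_type, server_id, yiaddr in filter(None, map(parse_dhcp_reply, payloads)):
        if msg_type in (OFFER, ACK) and server_id and server_id not in authorized:
            rogue.setdefault(server_id, []).append(yiaddr)
    return rogue

def build_reply(msg_type, server_ip, offered_ip):
    """Build a minimal DHCP reply (constructed sample data, not a capture)."""
    fixed = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), ipaddress.IPv4Address(offered_ip).packed,
                        bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    return (fixed + MAGIC_COOKIE + bytes([53, 1, msg_type, 54, 4])
            + ipaddress.IPv4Address(server_ip).packed + b"\xff")

# Constructed sample: 192.0.2.10 is the real server, 192.0.2.1 the firewall.
SAMPLE = [build_reply(OFFER, "192.0.2.10", "192.0.2.50"),
          build_reply(OFFER, "192.0.2.1", "192.0.2.101"),
          build_reply(ACK, "192.0.2.1", "192.0.2.101")]
```

Calling `find_rogue_servers(SAMPLE, {"192.0.2.10"})` reports the firewall address together with the leases it handed out, which are the addresses the legitimate server would later mark as BAD_ADDRESS.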

CHI-LTD (Author) commented:
OK, they have removed all DHCP rules settings on the firewall but we are still getting all IPs in the scope being taken up with bad IP address...

Clients now not picking up IPs...

CHI-LTD (Author) commented:
Was a leftover DHCP rule and another setting (can't find link now) that caused this.