https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909953#M438031 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Shouldn't the source address for the request be "0.0.0.0" and not an actual IP address from the same subnet?</P><P></P><P>Or is some network device forwarding initial DHCP messages to the ASA?</P><P></P><P>There shouldnt be many things that could be wrong with the DHCP on ASA. Either you use DHCP for hosts that are connected to the ASAs interface running the DHCP or you are using dhcprelay on the ASA to relay the DHCP messages to an actual server.</P><P></P><P></P><P>- Jouni</P></BODY></HTML> Wed, 25 Apr 2012 14:59:32 GMT Jouni Forss 2012-04-25T14:59:32Z https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909952#M438029 <P>Hello everybody.</P><P></P><P>I am facing a problem.</P><P></P><P>DHCP is active on the INSIDE interface.</P><P>However i get the following log messages:</P><PRE __default_attr="plain" __jive_macro_name="code" class="jive_text_macro jive_macro_code"><P><SPAN style="white-space: normal; font-family: arial, helvetica, sans-serif; "><BR /></SPAN></P><TABLE><TBODY><TR><TD><BR /></TD><TD><BR /></TD><TD><BR /></TD><TD><BR /></TD><TD><BR /></TD><TD><BR /></TD><TD><BR /></TD><TD><BR /></TD><TD>UDP request discarded from 192.168.1.254/67 to INSIDE:192.168.1.1/67</TD></TR></TBODY></TABLE><P></P></PRE><P></P><PRE __default_attr="plain" __jive_macro_name="code" class="jive_text_macro jive_macro_code"><PRE style="color: #000000; text-align: -webkit-auto; word-wrap: break-word; white-space: pre-wrap;">dhcpd address 192.168.1.2-192.168.1.249 INSIDE dhcpd dns 8.8.8.8 8.8.4.4 interface INSIDE dhcpd lease 36000 interface INSIDE dhcpd enable INSIDE</PRE> </PRE><P></P><P>The dhcpd state shows inside as active.</P><P></P><P>I really dont get, why it doesnt get an offer back.</P> Mon, 11 Mar 2019 22:58:09 GMT https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909952#M438029 kakados2000 2019-03-11T22:58:09Z https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909953#M438031 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Shouldn't the source address for the request be "0.0.0.0" and not an actual IP address from the same subnet?</P><P></P><P>Or is some network device forwarding initial DHCP messages to the ASA?</P><P></P><P>There shouldnt be many things that could be wrong with the DHCP on ASA. Either you use DHCP for hosts that are connected to the ASAs interface running the DHCP or you are using dhcprelay on the ASA to relay the DHCP messages to an actual server.</P><P></P><P></P><P>- Jouni</P></BODY></HTML> Wed, 25 Apr 2012 14:59:32 GMT https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909953#M438031 Jouni Forss 2012-04-25T14:59:32Z https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909954#M438035 <HTML><HEAD></HEAD><BODY><P>Hi Jouni,</P><P></P><P>basically the requests commning from a wireless controller. thats why its not 0.0.0.0.</P><P>If i connect a host directly to the ASA i get a DHCP. I would like to use the ASA as DHCP over the wireless controller.</P></BODY></HTML> Wed, 25 Apr 2012 15:02:10 GMT https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909954#M438035 kakados2000 2012-04-25T15:02:10Z https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909955#M438037 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Do you have any logs while the issue happens, I mean we can see on that monitor tool that you were dropping packets but we will need to see what the logs say to determine why this happens.</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Wed, 25 Apr 2012 17:16:59 GMT https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909955#M438037 Julio Carvajal 2012-04-25T17:16:59Z https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909956#M438038 <HTML><HEAD></HEAD><BODY><P>Hi Julio,</P><P></P><P>the only log message i see (that is related to this), is the one i posted:</P><P></P><PRE style="border-collapse: collapse; font-size: 12px; list-style-type: none; margin-top: 10px; margin-right: 20px; margin-bottom: 10px; margin-left: 20px; padding-left: 10px;"><CODE style="border-collapse: collapse; list-style-type: none;">UDP request discarded from 192.168.1.254/67 to INSIDE:192.168.1.1/67</CODE></PRE></BODY></HTML> Wed, 25 Apr 2012 17:46:24 GMT https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909956#M438038 kakados2000 2012-04-25T17:46:24Z https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909957#M438041 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>hmm it got to be something else, I mean that log does not show that the Interface went down it only shows that a UDP packets was not allowed to traverse the ASA due to the Accelerated Security Path ( ASP algorithm)</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Wed, 25 Apr 2012 17:54:59 GMT https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909957#M438041 Julio Carvajal 2012-04-25T17:54:59Z https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909958#M438043 <HTML><HEAD></HEAD><BODY><P>I am having the same issue, did you find any solution for this...</P><P></P><P>Below is my config</P><P></P><P> dhcpd dns 208.67.222.123 208.67.220.123</P><P>dhcpd lease 43200</P><P>dhcpd ping_timeout 20</P><P>dhcpd option 3 ip 172.16.8.1</P><P>dhcpd address 172.16.8.40-172.16.8.167 guest</P><P>dhcpd enable guest</P><P></P><P>and the logs..</P><P></P><P>%ASA-7-710005: UDP request discarded from 172.16.8.201/67 to guest:172.16.8.1/67</P><P>%ASA-7-710005: UDP request discarded from 172.16.8.201/67 to guest:172.16.8.1/67</P><P>%ASA-7-710005: UDP request discarded from 172.16.8.201/67 to guest:172.16.8.1/67</P><P>%ASA-7-710005: UDP request discarded from 172.16.8.201/67 to guest:172.16.8.1/67</P><P>%ASA-7-710005: UDP request discarded from 172.16.8.201/67 to guest:172.16.8.1/67</P><P>%ASA-7-710005: UDP request discarded from 172.16.8.201/67 to guest:172.16.8.1/67</P><P>%ASA-7-710005: UDP request discarded from 172.16.8.201/67 to guest:172.16.8.1/67</P><P>%ASA-7-710005: UDP request discarded from 172.16.8.201/67 to guest:172.16.8.1/67</P><P>%ASA-7-710005: UDP request discarded from 172.16.8.201/67 to guest:172.16.8.1/67</P><P>%ASA-7-710005: UDP request discarded from 172.16.8.201/67 to guest:172.16.8.1/67</P><P></P><P>172.16.8.201 is the wireless controller and 172.16.8.1 is the Firewall Guest interface</P><P></P><P></P><P></P><P>Siddhartha</P></BODY></HTML> Thu, 07 Mar 2013 14:10:28 GMT https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909958#M438043 siddhartham 2013-03-07T14:10:28Z https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909959#M438045 <HTML><HEAD></HEAD><BODY><P>found the issue.</P><P></P><P>ASA s don't support Unicast DHCP requests, thts why its discarding the proxied DHCP requests from the wireless controller.</P><P></P><P>work around- Disable DHCP proxy on the controller ( its a global setting not a per WLAN setting)</P><P></P><P><A class="jive-link-external-small" href="https://community.cisco.com/thread/2178369">https://supportforums.cisco.com/thread/2178369</A></P><P></P><P>Siddhartha</P></BODY></HTML> Thu, 07 Mar 2013 16:11:23 GMT https://community.cisco.com/t5/network-security/asa-5500-and-dhcp-problem/m-p/1909959#M438045 siddhartham 2013-03-07T16:11:23Z