CSCvh91053 - ASA sending DHCP decline | not assiging address to AC clients via DHCP

kumarpadala · ‎07-03-2019

I am not sure whether below logs also related to this bug, we have on 9.4(4)16 on ASA 5516-X with FirePOWER services, so can someone please confirm on this.

We have a new DHCP server configured on ASA, then we see this logs & clients are not getting IP's, but when we revert back to old DHCP server IP, and Anyconnect clients are getting IP address as expected.

DHCP: ***Allocated IP address: 10.10.10.20 for interface inside
Dhcp_Proxy_Task: got message ADDRESS_RESPONSE (2)
[94204] Session=0x09de0000 Transaction 716307329 got IP address10.10.10.20, netmask 255.255.255.0, gateway 0.0.0.0

DHCPP: Server 192.168.60.15 is allocating an address Server192.168.60.14 has already assigned
DHCP: SDecline attempt # 1 for entry:
DHCP: SDecline state: Bound
DHCP: SDecline- Server ID option:192.168.60.15
DHCP: SDecline- Requested IP addr option:10.10.10.20
DHCP: SDecline: 304 bytes
DHCP: DHCP Unicast to192.168.60.15 from 172.20.1.1
DHCP: deleting entry 0x00007fffa0b2e7e0 10.10.10.20 from list
DHCP: DHCP Proxy decremented rule -1500251904 count for interface: inside, scope:10.10.10.0, server:192.168.60.15 , in use count: 72.

kumarpadala · ‎07-05-2019

I did the below steps, and the issue got fixed.

Step-1 --> Configure the new DHCP IP address under required tunnel-group.

Step-2 --> Restart the secondary firewall device from failover.

Step-3 --> Once the secondary device comes up & running, failover to secondary (operational primary).

Step-4 --> Reload the primary device (operational secondary).

Step-5 --> Once the primary device comes up, make that device as a primary (operational primary like before).