06-12-2019 10:18 AM
Hello,
I had configured DHCP with my DNS server on my ASA firewall. It was working fine, but suddenly my DHCP client doesn't receive my DNS config at all; it shows 0.0.0.0 instead of the 10.0.1.50 that I have set.
I tried to change the dns server in my config but it does not replicate on my client.
I was wondering what I did wrong and how to fix it?
Thanks in advance! :)
My ASA's actual config is the following:
ASA Version 9.6(1)
!
hostname Firewall
domain-name climoilou.ca
names
!
interface GigabitEthernet1/1
 nameif Outside
 security-level 0
 ip address 10.0.0.2 255.255.255.0
!
interface GigabitEthernet1/2
 nameif DNS
 security-level 100
 ip address 10.0.1.1 255.255.255.0
!
interface GigabitEthernet1/3
 nameif Web
 security-level 100
 ip address 10.0.2.1 255.255.255.0
!
interface GigabitEthernet1/4
 nameif Lab1
 security-level 100
 ip address 10.0.3.1 255.255.255.0
!
interface GigabitEthernet1/5
 nameif Lab2
 security-level 100
 ip address 10.0.4.1 255.255.255.0
!
interface GigabitEthernet1/6
 nameif Lab3
 security-level 100
 ip address 10.0.5.1 255.255.255.0
!
interface GigabitEthernet1/7
 nameif Lab4
 security-level 100
 ip address 10.0.6.1 255.255.255.0
!
interface GigabitEthernet1/8
 no nameif
 no security-level
 no ip address
 shutdown
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
object network inside-net
 subnet 10.0.1.0 255.255.255.0
!
route Outside 0.0.0.0 0.0.0.0 10.0.0.1 1
!
access-list group extended permit tcp any any eq domain
access-list group extended permit tcp any any eq www
access-list group extended permit tcp any any eq smtp
access-list group extended permit tcp any eq domain any
access-list group extended permit udp any eq domain any
access-list group extended permit udp any any eq domain
access-list group extended permit icmp any any echo
access-list group extended permit icmp any any echo-reply
access-list group extended permit tcp any any eq pop3
!
!
access-group group in interface Outside
!
aaa authentication ssh console LOCAL
!
!
username admin password 4IncP7vTjpaba2aF encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect http
  inspect icmp
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global-policy
!
service-policy global_policy global
!
telnet timeout 5
ssh 10.0.1.0 255.255.255.0 DNS
ssh 203.1.2.0 255.255.255.0 Outside
ssh timeout 10
!
dhcpd dns 10.0.1.50
!
dhcpd address 10.0.3.100-10.0.3.131 Lab1
dhcpd enable Lab1
!
dhcpd address 10.0.4.100-10.0.4.131 Lab2
dhcpd enable Lab2
!
dhcpd address 10.0.5.100-10.0.5.131 Lab3
dhcpd enable Lab3
!
dhcpd address 10.0.6.100-10.0.6.131 Lab4
dhcpd enable Lab4
06-12-2019 04:52 PM
Hi,
Run Wireshark on the client to confirm that the ASA firewall is not sending that option. You could also try setting the option per pool.
Thanks
John
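The check suggested above, confirming on the wire whether the firewall's DHCP reply carries the DNS option (option 6), can also be scripted. This is an added example, not part of the thread: it assumes the UDP payload of the DHCP OFFER/ACK has been exported from the capture as raw bytes, the function names are hypothetical, and the two sample replies are constructed from the addresses in the posted config.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_FIXED_LEN = 236  # fixed BOOTP fields (op .. file) that precede the cookie
OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_END = 0, 6, 53, 255


def parse_options(payload):
    """Return {option code: raw value} from a BOOTP/DHCP UDP payload."""
    start = BOOTP_FIXED_LEN + 4
    if payload[BOOTP_FIXED_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload: magic cookie missing")
    opts, i = {}, start
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:  # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option at offset %d" % i)
        code, length = payload[i], payload[i + 1]
        # A repeated code is concatenated (long-option splitting, RFC 3396).
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def dns_servers(payload):
    """DNS servers from option 6; an empty list means the option was not sent."""
    raw = parse_options(payload).get(OPT_DNS, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]


def build_reply(yiaddr, options):
    """Build a sample server reply payload (constructed data, not a capture)."""
    hdr = (bytes([2, 1, 6, 0]) + bytes(12)  # op/htype/hlen/hops, xid/secs/flags/ciaddr
           + ipaddress.IPv4Address(yiaddr).packed + bytes(216))  # yiaddr, siaddr..file
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC_COOKIE + body + bytes([OPT_END])


# Constructed samples: a DHCPACK for a Lab1 lease, without and with option 6.
ACK_OPTS = [(OPT_MSG_TYPE, b"\x05"), (1, bytes([255, 255, 255, 0])), (3, bytes([10, 0, 3, 1]))]
REPLY_WITHOUT_DNS = build_reply("10.0.3.100", ACK_OPTS)
REPLY_WITH_DNS = build_reply("10.0.3.100", ACK_OPTS + [(OPT_DNS, bytes([10, 0, 1, 50]))])

if __name__ == "__main__":
    for name, pkt in (("without", REPLY_WITHOUT_DNS), ("with", REPLY_WITH_DNS)):
        print(name, "option 6 ->", dns_servers(pkt) or "no DNS servers in reply")
```

An empty result for a real reply from the firewall points at the server side; a populated one points at the client.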
06-12-2019 05:36 PM - edited 06-12-2019 05:36 PM
I have set my DNS server on each interface instead of a general DHCP rule and it solved my problem, but thanks a lot for your help! :)