ASA External Interface Lease renewal?

HumptyD-UK
Frequent Visitor

Hi folks, 

We have an ASA on 9.12(4)67.

There is an ONT connected on the external interface, and we use DHCP to retrieve our IP and gateway etc. for our Internet connection.

If this interface drops and then recovers (the ONT is in a different room which is not UPS-maintained), I can see we still have an IP number and gateway, but routing stops, and thus so does any remote access.

I've found that if we then renew the lease via ASDM, routing is then refreshed (?) and passes traffic.
(This is a pain because I normally work remotely, as the ASA is a 30-minute drive away.)

If this is a known feature, can it be mitigated in any way to force a complete lease renewal, perhaps with a script responding to loss of ping to the remote gateway?


With Thanks

Cristian Matei
VIP Alumni

Hi,

I'd first need to understand the exact conditions. When the event happens, does the ASA interface go DOWN or remain in the UP state? When you renew the lease after the event to fix it, do you get a different IP address than you had before the event happened, or is it the same? When the event happens, from the ASA CLI, what is the output of show interface ip brief and show route? Do you still have an IP address on the interface and the default route installed in the RIB?

Thanks,

Cristian.

HumptyD-UK
Frequent Visitor

Hello, 

Here's some example syslogs.

2025-11-19 03:40:12 Gig-0/5-External <IP> ifAdminStatus: down -> up System
2025-11-19 03:40:12 Gig-0/5-External <IP> ifOperStatus: down -> up System
2025-11-19 03:35:10 Gig-0/5-External <IP> ifAdminStatus: up -> down System
2025-11-19 03:35:10 Gig-0/5-External <IP> ifOperStatus: up -> down

2025-11-19 03:39:07 warning <IP> Nov 19 03:39:34 GMT/BST: %ASA--4-411001: Line protocol on Interface GigabitEthernet0/5, changed state to up warning
2025-11-19 03:39:03 warning <IP> Nov 19 03:39:30 GMT/BST: %ASA--4-411002: Line protocol on Interface GigabitEthernet0/5, changed state to down warning
2025-11-19 03:38:55 warning <IP> Nov 19 03:39:22 GMT/BST: %ASA--4-411001: Line protocol on Interface GigabitEthernet0/5, changed state to up warning
2025-11-19 03:38:51 warning <IP> Nov 19 2025 03:39:18: %ASA--4-411002: Line protocol on Interface GigabitEthernet0/5, changed state to down warning
2025-11-19 03:38:49 warning <IP> Nov 19 03:39:16 GMT/BST: %ASA--4-411001: Line protocol on Interface GigabitEthernet0/5, changed state to up warning
2025-11-19 03:34:51 warning <IP> Nov 19 03:35:18 GMT/BST: %ASA--4-411002: Line protocol on Interface GigabitEthernet0/5, changed state to down warning.

The sh ip bri shows our external IP number on the external interface, but I don't have a full output on record atm.

S* 0.0.0.0 0.0.0.0 [1/0] via <external gw ip>, Gig-0/5-External
C <internal> .0 255.255.255.0 is directly connected, Gig-0/0-Internal-0
L <internal> .2 255.255.255.255 is directly connected, Gig-0/0-Internal-0
C <internal> .4.0 255.255.255.0 is directly connected, Gig-0/4-Wifi
L <internal> .4.1 255.255.255.255 is directly connected, Gig-0/4-Wifi
C <external subnet>.0 255.255.255.0 is directly connected, Gig-0/5-External
L <external ip> 255.255.255.255 is directly connected, Gig-0/5-External

interface GigabitEthernet0/5
nameif Gig-0/5-External
security-level 0
ip address dhcp setroute

Many Thanks

Mark

Hi, 

Unfortunately, you didn't answer my questions. You provided some logs; however, I don't want to assume what they might mean. I need to tie the logs to the sequence of events.

1. When the event happens, does the ASA interface go DOWN or remain in the UP state? The event means you lose Internet access, not you disabling and enabling the interface.

2. When you renew the lease after the event to fix it, do you get a different IP address than you had before the event happened, or is it the same?

3. When the event happens, from the ASA CLI, what is the output of show interface ip brief and show route? Do you still have an IP address on the interface and the default route installed in the RIB?

Thanks,

Cristian.

Hi Again, 

1) We lose Internet access. The interface goes down, then returns to up as the connection to the ONT is regained.
(The ONT is not on a UPS, so if there is a power interruption, it has to re-initialise. Hence the interface going DOWN-UP. The ASA is on a UPS.) 

2) The IP number remains the same. 

3) Yes, we still have an IP number on the interface, and the default route.
sh route as above
sh ip int bri as above. 

Many thanks

Mark

Hi,

That's weird; as far as I know, if the interface goes down, upon the interface coming back UP it initiates the DHCP DORA process again, thus it communicates with the remote side. You're saying the IP is preserved, so it should work. I suggest performing the following actions:

1. Upgrade to 9.14(4)24, to maybe fix a bug on the ASA.

2. If the above doesn't fix it, or for whatever reason you can't perform an upgrade, use an EEM script to automatically renew the lease on the interface upon an interface flap:

event manager applet DHCP_RENEW_LEASE
 event syslog id 411001 occurs 1 period 1
 action 0 cli command "interface GigabitEthernet0/5"
 action 1 cli command "no ip address dhcp setroute"
 action 2 cli command "ip address dhcp setroute"
 output console

If you're going ahead with the second proposed option, test it: create a link-down event and see if it works.

Thanks,

Cristian.
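As an added illustration (not code from the thread or from Cisco), the following Python script parses the 411001/411002 syslog lines Mark posted above, reconstructs the down/up flaps on GigabitEthernet0/5, and lists the points at which Cristian's applet (event syslog id 411001 occurs 1 period 1) would re-run the lease renewal. The interface name and the collector timestamp format at the start of each line are taken from those posted lines; the <IP> placeholders are Mark's.

```python
"""Reconstruct interface flaps from the ASA 411001/411002 syslogs posted above.
Added example (not code from the thread or Cisco); sample lines are Mark's."""
import re
from datetime import datetime

# Six lines from Mark's post, unchanged apart from being embedded here.
SAMPLE_LOG = [
    "2025-11-19 03:39:07 warning <IP> Nov 19 03:39:34 GMT/BST: %ASA--4-411001: Line protocol on Interface GigabitEthernet0/5, changed state to up warning",
    "2025-11-19 03:39:03 warning <IP> Nov 19 03:39:30 GMT/BST: %ASA--4-411002: Line protocol on Interface GigabitEthernet0/5, changed state to down warning",
    "2025-11-19 03:38:55 warning <IP> Nov 19 03:39:22 GMT/BST: %ASA--4-411001: Line protocol on Interface GigabitEthernet0/5, changed state to up warning",
    "2025-11-19 03:38:51 warning <IP> Nov 19 2025 03:39:18: %ASA--4-411002: Line protocol on Interface GigabitEthernet0/5, changed state to down warning",
    "2025-11-19 03:38:49 warning <IP> Nov 19 03:39:16 GMT/BST: %ASA--4-411001: Line protocol on Interface GigabitEthernet0/5, changed state to up warning",
    "2025-11-19 03:34:51 warning <IP> Nov 19 03:35:18 GMT/BST: %ASA--4-411002: Line protocol on Interface GigabitEthernet0/5, changed state to down warning.",
]

# Collector stamp at line start plus the ASA fields we need; '%ASA-+' tolerates
# the doubled dash in the pasted log ('%ASA--4-411001').
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}).*?"
    r"%ASA-+\d-(?P<msgid>41100[12]): Line protocol on Interface (?P<ifname>[^,]+), "
    r"changed state to (?P<state>up|down)"
)

def parse_events(lines):
    """Return (timestamp, interface, state) for each 411001/411002 line, oldest first."""
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["ifname"], m["state"]))
    return sorted(events)

def flaps(events, ifname):
    """Pair each 'down' with the next 'up' on ifname -> (down_ts, up_ts, seconds_down)."""
    result, down_at = [], None
    for ts, name, state in events:
        if name != ifname:
            continue
        if state == "down":
            down_at = ts
        elif down_at is not None:
            result.append((down_at, ts, int((ts - down_at).total_seconds())))
            down_at = None
    return result

def applet_triggers(events, ifname):
    """Every 411001 'up' on ifname: where 'event syslog id 411001 occurs 1 period 1' fires."""
    return [ts for ts, name, state in events if name == ifname and state == "up"]
```

On these six lines the script finds one four-minute outage followed by two four-second flaps, so the applet would renew the lease three times within about 18 seconds; that repeated renewal on a bouncing link is worth watching when testing the applet.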

Good morning. Thank you for the follow-up, and I can confirm the script worked nicely.

Yes, we could do 9.14(4)24, but that's for another day when I have more £ in the budget later this year.

Mark