One of our Customer currently running Juniper firewall and we tried to replace it with the ASA 5512 Firewal l Using attached configuration .every vpn , internet connections are working fine but after we connect it to the LAN side following issues came out
1) Some desktop machines are not assigning the ip address and dns address (DHCP server and Dns configure in the windows 2008 sever not in the ASA firewall)
2) Some desktop machines assign ip address ,DNS addresses and work fine without any issue
3) After some period of time some desktop machines unable to connect to internal servers
But after we install the juniper firewall over again LAN network work fine without above issues. we already checked the LAN network but couldt find any issues there. So please help us to overcome this issue , and please check the attached Juniper and Cisco ASA firewall configuration and also network Diagram
It appears like all your PCs and Server are in the same Vlan with subnet 192.168.120.x. Did you check the switch logs?
Also, Switch is L3 and routing configured on the same? On ASA, I do not see any dynamic routing configured. How it is learning about 192.168.120.x subnet. At this point it looks like internal issue than ASA related. Can you post Switch config? An changes to AD server?
Thank you very much for yoyr answer but firwall cannect to the unmanagable switch (AD and firewall and lan ) and no any changes to AD server.all lan network work fine with the Juniper firewall. can u please send me the dynamic routing that need to configured in the firewall
Everything works fine (clients getting IP etc) when you connect back Juniper and the same fails with ASA. Is that correct?
if that is the case, it appears like Juniper FW may be acting as DHCP server for LAN clients. Cross check the configs.
Also, I suggest you to replace the existing unmanaged switch with a manageable switch. That way, you can check the health of switch port and switch itself incase of any issues.
As far as adding routes to ASA- as your network is small, you can get away with Static routes. I see few of the routes configured on ASA (commands relates to -route MPLS ..... etc).
PS: Pls rate helpful posts.
As per your advise we replace the existing unmanageable switch and install layer 2 Cisco switch . and also check the juniper firewall configuration but it s not seems to be acting as a DHCP server to lan network.there are no DHCP server configuration on it.and for the further troubleshooting we isolate the lan network from our firewall and check the connectivity at that time it work fine without any issue but after connecting the firewall in to the lan, it shows the same issues .specially deckstop machines that running windows 7 unable to assign even a ip address from the DHCP server, and cant reach printers and file servers within the lan network. so this case still in unresolved state and if possible please advice for further actions
ASA configuration looks clean.
No DHCP on ASA
would suggest to apply captures on DHCP client and server to check the DORA process for DHCP.
ASA wont be interfering in DHCP process here, to verify further please paste "show tech" and "show run all sysopt" from ASA.
Further would suggest to check the DORA process between the impacted client and Server with the help of captures.