Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
646
Views
0
Helpful
1
Replies

ASA keeping DHCP UDP connection open to outside

matthew.goli1
Level 1
Level 1

‎08-07-2019 07:03 AM

Hello,

 

Hoping someone could offer a creative or easy solution to a problem I experienced this morning.  We have an ASA5516 running 9.8(3)29.  It has a dedicated internet connection connected to Gig1/1 and layer 3 switch on the INSIDE interface.  The ASA has VTI based VPN tunnels back to HQ where the DHCP server exists.  DHCP forwarding is performed by the layer 3 switch.

 

Last night during an outage of the ISP, since routing table entries were removed from the ASA to send the DHCP packets through the VPN tunnels, the ASA decided to send those DHCP packets out the OUTSIDE interface towards the ISP.  since the DHCP packets kept coming, the UDP connection never closed after the VPN tunnel came back up.  I had to clear the connections to the DHCP server and then the ASA started sending DHCP traffic through the VPN tunnel again to HQ.

 

 

 

Labels:
Preview file
14 KB
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎08-07-2019 12:40 PM

When you lost ISP, your tunnel connection may have terminated, so the packets going out of VPN and they get denied, (we can not confirm this since we do not have logs.)

 

as long as after rest tunnel all working, you should be ok.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card