ASA keeping DHCP UDP connection open to outside

matthew.goli1
Level 1

Hello,
Hoping someone could offer a creative or easy solution to a problem I experienced this morning.  We have an ASA5516 running 9.8(3)29.  It has a dedicated internet connection connected to Gig1/1 and layer 3 switch on the INSIDE interface.  The ASA has VTI based VPN tunnels back to HQ where the DHCP server exists.  DHCP forwarding is performed by the layer 3 switch.
Last night during an outage of the ISP, since routing table entries were removed from the ASA to send the DHCP packets through the VPN tunnels, the ASA decided to send those DHCP packets out the OUTSIDE interface towards the ISP.  Since the DHCP packets kept coming, the UDP connection never closed after the VPN tunnel came back up.  I had to clear the connections to the DHCP server and then the ASA started sending DHCP traffic through the VPN tunnel again to HQ.
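As an added example (not part of the original post or a Cisco tool), the following script scans ASA syslog messages for the condition described above: a UDP connection on the DHCP ports (67/68) built towards the OUTSIDE interface instead of the VTI. It parses the standard `%ASA-6-302015` "Built ... UDP connection" message format; the interface names (`outside`, `hq-vti`) and the log lines themselves are constructed for the example.

```python
import re
from typing import Dict, List

# Standard ASA 302015 message: Built {inbound|outbound} UDP connection <id>
# for <if>:<real_ip>/<port> (<mapped_ip>/<port>) to <if>:<real_ip>/<port> (<mapped_ip>/<port>)
CONN_BUILT_RE = re.compile(
    r"%ASA-6-302015: Built (?P<direction>inbound|outbound) UDP connection (?P<conn_id>\d+) "
    r"for (?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) \([\d.]+/\d+\) "
    r"to (?P<dst_if>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) \([\d.]+/\d+\)"
)

DHCP_PORTS = {67, 68}  # bootps / bootpc


def find_leaked_dhcp(lines: List[str], outside_if: str = "outside") -> List[Dict[str, str]]:
    """Return connection-built events where DHCP traffic was pinned to the
    outside interface. Each hit carries the conn id so it can be cleared."""
    hits = []
    for line in lines:
        m = CONN_BUILT_RE.search(line)
        if not m:
            continue  # teardown messages, TCP, or unrelated syslog
        ports = {int(m["src_port"]), int(m["dst_port"])}
        if not ports & DHCP_PORTS:
            continue  # not DHCP
        if outside_if not in (m["src_if"], m["dst_if"]):
            continue  # went through the VTI (or stayed inside): fine
        hits.append({
            "conn_id": m["conn_id"],
            "src": f"{m['src_if']}:{m['src_ip']}/{m['src_port']}",
            "dst": f"{m['dst_if']}:{m['dst_ip']}/{m['dst_port']}",
        })
    return hits


# Constructed sample log lines (assumed interface names: inside, outside, hq-vti).
SAMPLE_LOGS = [
    "Jan 01 2024 02:10:05 asa01 %ASA-6-302015: Built outbound UDP connection 84121 "
    "for inside:10.20.0.2/67 (10.20.0.2/67) to outside:198.51.100.5/67 (198.51.100.5/67)",
    "Jan 01 2024 02:10:06 asa01 %ASA-6-302015: Built outbound UDP connection 84122 "
    "for inside:10.20.0.2/67 (10.20.0.2/67) to hq-vti:10.0.0.5/67 (10.0.0.5/67)",
    "Jan 01 2024 02:10:07 asa01 %ASA-6-302015: Built outbound UDP connection 84123 "
    "for inside:10.20.0.50/51234 (10.20.0.50/51234) to outside:192.0.2.53/53 (192.0.2.53/53)",
    "Jan 01 2024 02:12:07 asa01 %ASA-6-302016: Teardown UDP connection 84123 "
    "for inside:10.20.0.50/51234 to outside:192.0.2.53/53 duration 0:02:00 bytes 120",
]

if __name__ == "__main__":
    for hit in find_leaked_dhcp(SAMPLE_LOGS):
        print(f"DHCP leak: conn {hit['conn_id']} {hit['src']} -> {hit['dst']}")
```

Only the first line is reported: it is DHCP and egresses the outside interface, while the second goes through the VTI and the third is DNS. An alert on this event while the tunnel is up is the signal that the stale connection needs clearing, as the post describes.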

1 Reply

balaji.bandi
Hall of Fame

When you lost the ISP, your tunnel connection may have terminated, so the packets were going out of the VPN and they got denied (we cannot confirm this since we do not have logs).

As long as everything is working after the tunnel reset, you should be OK.

BB