dhcp on 8.4(4)

Kashish_Patel · ‎06-18-2012

We had upgraded 3 of our firewalls in the last week. Those were ASA 5510s
and were running on 8.2(2)16 before. They were upgraded to 8.4(4) last week. We have
Wireless Access Points in the external segment (outside firewall) and after the firewall
was upgraded, we saw that 3 of our wireless APs could not get IPs (the DHCP server resides
in internal LAN segment), while the other three APs got IPs. Rebooting the firewall also
did not help. We then downgraded the firewall to 8.2(2)16 and all 6 APs immediately got
IPs. Is there a bug related to DHCP relay on 8.4(4)? 

Thanks,
Kashish

varrao · ‎06-18-2012

Hi Kashish,

I tried to look for, but there are no current bugs related to dhcp relay on ASA, I suggest you take captures and dhcp debugs to identify the cause for denial, only then any possiblity of a bug can be ruled out. Right now we dont even know whether it is the ASA or anyother device causing the issue, you need to first isolate that.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

Adrian Martinez · ‎08-02-2012

I upgraded three ASAs (1 5505 and two 5510) to 8.4(4)3 and on all three ASAs which were providing DHCP services to connected networks stopped working. Users could not get DHCP addresses from the ASAs running 8.4.4.3.

I did packet captures from the desktop, basically I see the DHCP requests leaving the desktop, but no replies from the ASA.

I downgraded the ASA to 8.4(4)1 and DHCP immediately starting working again.

I then upgraded back to 8.4.4.3. DHCP failed again. Downgraded the ASA to 8.4.4.1, then DHCP started working again.

Looks like a bug with ASA 8.4.4.3 and DHCP.