DHCP Outside Interface on a HA Cisco ASA 5505 pair - Help needed

Cormac Champion · ‎11-03-2022

HI all,

I have a HA pair of ASA 5505's in a small setup. The ISP wants to provide the Internet link with our end being given the IP via DHCP.

I have the ISP connection connected to a switch (on Vlan3) and the ASA's are trunked off a switch pair. So the IP needs to go on the Vlan, not on the actual Interface.

But my problem is that the ASA will not allow me to setup Vlan3 as a DHCP client. I get the error "ERROR: DHCP Client cannot be enabled while in Failover or Clustering mode"

Is there any other way around this ?

MHM Cisco World · ‎11-03-2022

Failover Configuration Limitations

You cannot configure failover with these types of IP addresses:

IP addresses obtained through DHCP
IP addresses obtained through PPPoE
IPv6 addresses

so can you add edge router and then config ASA behind that router?

balaji.bandi · ‎11-03-2022

what said was right, that is limitation, most of the Cluster or Actve/staby deployed in controller environment (means have own IP address space)

to mitigate you need to get any Router Like (rasberry Pi can do your work)

ISP---Rasberry Pi --Switch---ASA Cluster (just get an idea)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Cormac Champion · ‎11-03-2022

Adding an Edge router is not really an option, since the installation is in a different country, so I can only reach remotely

DHCP Outside Interface on a HA Cisco ASA 5505 pair - Help needed

Failover Configuration Limitations

Firewall: ASA Failover，FTD HA の 'Negotiation' ステータスについて

Catalyst 9800 HA SSO 障害時の機器交換(Active機障害)

Upgrade ASA from 9.10 to 9.20 on FRP2120 HA Pair

ASA: 設定同期の最適化(HA Config Sync Optimization)について

the outside interface is