Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1760
Views
0
Helpful
2
Replies

IP Subnet Zero on ASA

Go to solution
jeremyarcher
Level 1
Level 1

‎03-07-2013 09:23 AM - edited ‎03-11-2019 06:11 PM

I have a service provider that is handing out static IP addresses via DHCP.  On one of my services they are giving me an IP address that is actually the network address for the given subnet (a 255.255.255.252 mask).

The ASA appears to reject this and complains with an error message.  I apologize that I can't recall.

But the end result is that it simply refuses to accept the DHCP lease because of this.

Is there a way to turn on IP subnet zero support on the ASA similiar the way it can be done on a router?

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎03-07-2013 10:00 AM

Hi,

Personally I dont know of any way to configure either network address of broadcast address on an ASA

If you try to configure this manually on the ASA you will get an error message along the lines of

ERROR: Bad mask 255.255.255.248 for address 1.1.1.192

ERROR: Bad mask 255.255.255.248 for address 1.1.1.199

When your network is for example 1.1.1.192/29

The ASA has the same limitations when you configure a NAT using the network address or broadcast address.

So to my understanding this would not be possible. Then again I havent never run into such a problem with DHCP and havent had a reason to try configure a network address or broadcast address on the ASA interface.

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎03-07-2013 10:00 AM

Hi,

Personally I dont know of any way to configure either network address of broadcast address on an ASA

If you try to configure this manually on the ASA you will get an error message along the lines of

ERROR: Bad mask 255.255.255.248 for address 1.1.1.192

ERROR: Bad mask 255.255.255.248 for address 1.1.1.199

When your network is for example 1.1.1.192/29

The ASA has the same limitations when you configure a NAT using the network address or broadcast address.

So to my understanding this would not be possible. Then again I havent never run into such a problem with DHCP and havent had a reason to try configure a network address or broadcast address on the ASA interface.

- Jouni

0 Helpful

Go to solution
jeremyarcher
Level 1
Level 1
In response to Jouni Forss

‎03-07-2013 10:41 AM

Thanks,

The error I get when being assigned the network address for a particular subnet is:

"Error : IP and subnetmask form invalid pair indicating broadcast or network address"

As far as I've been able to determine it just isn't supported on Cisco ASA firewalls (for some obvious reasons).

I'm asking the service provider now to give me a different address that is not a network LAN address for the subnet.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card