03-07-2013 09:23 AM - edited 03-11-2019 06:11 PM
I have a service provider that is handing out static IP addresses via DHCP. On one of my services they are giving me an IP address that is actually the network address for the given subnet (a 255.255.255.252 mask).
The ASA appears to reject this and complains with an error message. I apologize that I can't recall.
But the end result is that it simply refuses to accept the DHCP lease because of this.
Is there a way to turn on IP subnet zero support on the ASA similiar the way it can be done on a router?
Thanks!
Solved! Go to Solution.
03-07-2013 10:00 AM
Hi,
Personally I dont know of any way to configure either network address of broadcast address on an ASA
If you try to configure this manually on the ASA you will get an error message along the lines of
ERROR: Bad mask 255.255.255.248 for address 1.1.1.192
ERROR: Bad mask 255.255.255.248 for address 1.1.1.199
When your network is for example 1.1.1.192/29
The ASA has the same limitations when you configure a NAT using the network address or broadcast address.
So to my understanding this would not be possible. Then again I havent never run into such a problem with DHCP and havent had a reason to try configure a network address or broadcast address on the ASA interface.
- Jouni
03-07-2013 10:00 AM
Hi,
Personally I dont know of any way to configure either network address of broadcast address on an ASA
If you try to configure this manually on the ASA you will get an error message along the lines of
ERROR: Bad mask 255.255.255.248 for address 1.1.1.192
ERROR: Bad mask 255.255.255.248 for address 1.1.1.199
When your network is for example 1.1.1.192/29
The ASA has the same limitations when you configure a NAT using the network address or broadcast address.
So to my understanding this would not be possible. Then again I havent never run into such a problem with DHCP and havent had a reason to try configure a network address or broadcast address on the ASA interface.
- Jouni
03-07-2013 10:41 AM
Thanks,
The error I get when being assigned the network address for a particular subnet is:
"Error : IP and subnetmask form invalid pair indicating broadcast or network address"
As far as I've been able to determine it just isn't supported on Cisco ASA firewalls (for some obvious reasons).
I'm asking the service provider now to give me a different address that is not a network LAN address for the subnet.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide