Packet Tracer DMZ Lab---can't remove DHCP pool addressses

smartd1011 · ‎11-18-2014

Hi all,

I hope everyone is doing good.

I've been having trouble to config my DMZ lab. I use Packet Tracer 6.1,and the firewall it provided is ASA 5505. The 3 interfaces on the firewall all use DHCP addressing. Due to the lab requirement, I have to assign static ip address. I used command" no ip address" or " no dhcpenable inside(outside) and I made change. But, when I did " show run", the interfaces still show the DHCP addresses. I attached my diagram screenshoot as reference. I also listed 2 more small issues alone with it.

I will be very trully appreciated if any one can help on this one and I won't forget.

Ding

Jouni Forss · ‎11-19-2014

Hi,

I dont have expirience with the Packet Tracer software itself so I would rather see the current CLI format configuration of the ASA5505 and all the things you want to configure there.

Though it sounds wierd if you are not able to configure the interface IP addresses or remove DHCP configurations?

A command to remove all the DHCP Server configurations from the ASA you should be able to use the command

ASA(config)# clear configure dhcpd

- Jouni

smartd1011 · ‎11-20-2014

Hi Jouni,

Thanks for the reply. I attached config. for you. Today, after I reopened the lab, did sh run, I saw the VLAN 1 and VLAN 2 shows static ip address as I assigned :). But, I still have trouble to config VLAN 3. It won't allow me name this VLAN interface to DMZ. Please review the config and hope you can find out why.

Thank you very much!

Ding

Vibhor Amrodia · ‎11-21-2014

Hi,

In the commands that you applied on the "int vlan3" , you cannot use VLAN3 in the no forward vlan command. It has to be either vlan 1 or 2.

This would mean that if you don't want vlan 3 to talk to vlan 1 , then use no forward vlan 1 as per the license restriction.

Thanks and Regards,

Vibhor Amrodia

smartd1011 · ‎11-21-2014

Hi Vibhor,

Thank you for the reply!

I think here is a bit misunderstanding. My problem is I can't assign both inside network & DMZ to VLAN 1. That's why I assigned VLAN 3 to DMZ. Due to base license restriction, I have to issue "no forward int vlan 3" in order to assign e0/2 ip address to it. This lab indicated used VLAN 1 for both network, but how that possible?

Thank you for your help!

Ding

Vibhor Amrodia · ‎11-22-2014

Hi,

If you are trying to assign different Sub net to the same VLAN on the ASA 5505 , they will not work as this ASA is designed as using switch ports for implementing the IP addresses on the ASA device.

You would have to use a different VLAN for a different Subnet.

Thanks and Regards,

Vibhor Amrodia

smartd1011 · ‎11-24-2014

So, you are saying that one vlan only support one subnet. But, based on the diagram instruction, it looks like I should assign office LAN & DMZ subnets to Vlan 1 and Outside internet for Vlan 2. This lab has design error then. I got it from youtube and is designed by professional. I'm confused. I tried to add VLAN 3 and assign it to DMZ, but this firewall only has base license and only support 2 Vlans. I was promptd to use command" no forward int vlan3" to bypass it, but I can't assign that Vlan interface's name to DMZ. I am be able set security level 50 and ip address though.

Vibhor Amrodia · ‎11-24-2014

Hi,

No , You cannot assign two different subnet to the same VLAN on the ASA 5505.

Thanks and Regards,

Vibhor Amrodia

smartd1011 · ‎11-29-2014

Hi Vibhor,

My lab require setup inside, outside and DMZ network. Cisco ASA 5505 only support 2 VLANs(due to base licensing). It has build in 8 port switch. port 0 is assigned to VLAN2(outside). Port 1-7 are assigned for VLAN1(inside). I can only add ip addresses to VLANs.

How can I create DMZ network?

Thank You!