04-21-2008 05:19 PM - edited 03-11-2019 05:34 AM
Hi,
I am finding it difficult to suggest my management for replacing the present Netscreen firewall which ASA as it does the static dhcp ip to mac-address mapping.
Is there any facility where ASA does static DHCP IP to Mac-address reservation in ASA.
I have seen some notes on cisco which states the utilisation of option 61 to specify the client identifier as we do in Cisco routers How can I use this in ASA with DHCPD option.
Can anyone help me doing this and send me a sample configuration if this can be done using ASA.
Regards,
Krissh
Solved! Go to Solution.
02-20-2020 08:14 AM
04-25-2008 12:32 PM
static dhcp ip to mac-address mapping is not supported in ASA.The listt of features supported by ASA is present in the URL given below:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/specs.html
The below Url gives the firewall mode guide for the ASA.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/fwmode.html
05-10-2011 07:00 AM
Actually, you can:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml
The above configuration sample includes both ASDM and CLI config.
Regards,
DL......Please rate the post if it was useful.
07-19-2012 04:38 AM
Hello.
You can't. Your document is about " how to assign static IP address for user who uses VPN" , not how to bind specific IP address from DHCP pool, to the specific MAC address.
07-19-2012 07:00 AM
I was looking around for the same answer when I found what could be a work around. You can create a static arp entry that should allow the device to get the same IP address everytime.
You can do this in the ASDM under Device Management -> Advanced -> Arp -> Arp Static Table
Or from the CLI:
arp INSIDE 1.1.1.1 01ac.ac54.dc88
07-19-2012 07:11 AM
Hi!
Does it really works for you? Why ASA should look to the ARP table, when the client is sending DHCP request?
09-24-2012 12:56 PM
This functionality is currently not supported on the ASA. There is no known way to implement this functionality (The static ARP idea doesn't work, I just tried it in the lab).
An enhancement bug has been filed requesting this support:
CSCsw72963 ASA local address pools should support DHCP reservations/assignments
09-16-2015 01:37 PM
I know this post is 3 years old but has this been included on a recent software version update for the ASA?
10-12-2015 05:18 PM
Nope, still not supported in 9.2(4), 9.3(3) , 9.4(2), or 9.5(1). The best work-around IMO is use DHCP relay.
Considering it's already taken them this long, I have no problem betting $100 that it will never happen.
04-05-2017 05:52 PM
Hi,
This is the topology.
Users are connecting via AnyConnect VPN and are getting authorized with ISE and AD. Windows DHCP Server is giving dynamically IP addreses. The customer wants to assign static MAC-IP binding in the DHCP Server so they can use the firewall to filter based on the VPN IP addresses.
Internet ----- ASA ------ LAN --- ISE and Windows DHCP Server.
Can you provide more information how can I assign MAC-IP binding in a Windows DHCP Server through AnyConnect VPN and ISE.
Would it work by just configuring the DHCP relay on the ASA?
Thanks.
09-20-2018 12:05 PM
Maybe NAT the user to another interface. The traffic would always come from the same source.
02-20-2020 08:14 AM
02-24-2020 04:09 AM
Do you have any reference for "dhcpd reserve-address"?
I can't see it in the release notes for 9.13(1):
https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/release/notes/asarn913.html
I'm looking at upgrading from ASA5505 to FirePower 1010 (which I believe runs 9.13(1)and this feature would be really nice...
03-23-2020 01:20 PM
Jay,
Can this be used for remote access VPN clients?
03-23-2020 02:09 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide