Who Me Too'd this topic

conflicting information - dhcpd auto_config outside

Bill Dickerson
Level 1

My minor project to check and fix configuration problems or inconsistencies has grown to major proportions. I've gotten past the transform-set questions and a few other odds and ends through comparing our ASA5505 configurations with each other and researching what wasn't consistent, or that didn't make sense.
Most of the time the answer is there, and multiple resources "agree" on it. But one has me perplexed as I still am unable to find an authoritative source that says once and for all - use it under these conditions, otherwise do NOT use it.
That line is this -  dhcpd auto_config outside
I started to believe that if your outside interface was configured via DHCP - say your ISP didn't furnish a static address but you got a reserved address or even a dynamic address via DHCP, you didn't get to set a route outside, but passed that info to the inside via the command dhcpd auto_config outside.
One person hinted in his response to another person 2 or 3 years ago in another forum "check your ASA's outside interface and if you receive the outside address via DHCP then the ASA is using that line to pass the routing information along that it received through the DHCP assignment".
Well that made sense to me - as if it's a static address and you know the ISP's gateway, you can set up the info via route outside 0.0.0.0 etc - what I call the zero-zero route - if all else fails, go here.
He stopped short of telling the fellow "if your ASA has a static address assigned to the outside interface it's not using the dhcpd auto_config outside".
I have just looked at some 3rd party "how to" pages, including a tutorial from a school - and ALL of their ASA configurations, every one of them, DHCP assigned OUTSIDE address or STATIC OUTSIDE addresses where they used the 0-0 route outside, used that same command.

So, my question is this:
* If you have a STATIC address assigned through your ISP to your outside interface, and you have a route outside 0-0 with the ISP gateway address, do you need the line/command  dhcpd auto_config outside  ??

* If your outside interface receives the IP address from the ISP via DHCP, be it reserved or true DHCP where it also receives the gateway, etc. through that DHCP server of your ISP -
May I assume that you DO need that   dhcpd auto_config outside  command -   Correct?

I'm finding a lot of inconsistencies in our ASA configurations - and I have 20 to go to check out! Some are just plain missing configuration parts, others have a lot of extra stuff left from years ago - or from OS updates/upgrades, and some so far make little sense.
One example was some of our ASAs have the lines
dns domain-lookup inside
dns server-group DefaultDNS

but no name server addresses or anything else.
Another has the dns server-group DefaultDNS but no domain-lookup line at all, and seems to be missing some other things. Granted that's unlikely to impact our inside users - but it's messy at the very least, and means each one is different.

One problem at a time, I guess!

Bill
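
An added example (not part of Bill's post, and not Cisco tooling): one way to run the cross-device comparison the post describes is to reduce each running-config to the settings in question and list only those on which the devices differ. The two sample configs, the device names and the function names are constructed for illustration; the script reports what is present and does not decide whether dhcpd auto_config outside is needed.

```python
SAMPLES = {  # constructed configs, not from the post; documentation addresses
    "asa-static": """interface Vlan2
 nameif outside
 ip address 203.0.113.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
dhcpd auto_config outside
dns domain-lookup inside
dns server-group DefaultDNS
""",
    "asa-dhcp": """interface Vlan2
 nameif outside
 ip address dhcp setroute
dhcpd auto_config outside
dns server-group DefaultDNS
 name-server 192.0.2.53
""",
}
def blocks(config):  # group each top-level command with its indented sub-commands
    out = []
    for line in config.splitlines():
        if not line.strip() or line[0] in "!:":
            continue  # skip blank lines, "!" separators and ": Saved" headers
        if line[0] == " " and out:
            out[-1][1].append(line.split())
        else:
            out.append((line.split(), []))
    return out

def summarize(config):  # facts the post compares, from one running-config
    f = dict(outside_addr="unknown", default_route=False, auto_config=False,
             domain_lookup=False, server_group=False, name_server=False)
    for head, kids in blocks(config):
        if head[0] == "interface" and ["nameif", "outside"] in kids:
            for k in kids:
                if k[:2] == ["ip", "address"] and len(k) > 2:
                    f["outside_addr"] = "dhcp" if k[2] == "dhcp" else "static"
        elif head[:4] == ["route", "outside", "0.0.0.0", "0.0.0.0"]:
            f["default_route"] = True
        elif head == ["dhcpd", "auto_config", "outside"]:
            f["auto_config"] = True
        elif head[:2] == ["dns", "domain-lookup"]:
            f["domain_lookup"] = True
        elif head[:2] == ["dns", "server-group"]:
            f["server_group"] = True
            f["name_server"] |= any(k[0] == "name-server" for k in kids)
    return f

def differences(summaries):  # keep only settings on which the devices disagree
    rows = {k: {n: s[k] for n, s in summaries.items()} for k in summarize("")}
    return {k: v for k, v in rows.items() if len(set(v.values())) > 1}
```

Feeding it the saved running-config text of each device, keyed by hostname, gives one row per setting that is not uniform across the fleet.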

 
