I have a fixed IP address assigned by my ISP, using DHCP on my ASA5510. The IP is public, and therefore does not change.
But, if I change the config on the WAN interface on the ASA to STATIC, same IP, subnet and default gateway connectivity is lost...
What ISP/carrier feature controls WAN access combined with DHCP? Is there a MAC ACL on the next-hop device that works together via DHCP?
Solved! Go to Solution.
typically with dsl ppp does this, using like ipcp. not sure how your FW is configured. do you just have and ethernet drop from your ISP and DHCP on your outside interface?
I'll guess they are using a function that only allows packets from an IP address that have been assigned by DHCP only. So if you don't get an IP address via DHCP it simple does not accept your packets.
A common way of doing this is to use "IP Source Guard".
Source guard would be the correct answer. I emailed a former employee with the ISP, and he told me that they use source guard. Didn't expect him to reply :)
How am I then able to get a static IP on my ASA for active/failover setup. The HA setup does not allow DHCP on interfaces for failover???
How you are connected with your ISP ? is it DSL (PPPoE or PPPoA) GPON or IPoE ?
If you configured dialer interface you mention "ip address negotiated " in configuration and once LCP negotiation is done IPCP send broadcast to dhcp server to request an IP address and DHCP server assigned a single /32 IP address. in case of Fixed one ISP billing software fix this IP so you will always get the same.
In above mentioned case you can remove "ip address negotiated " and provide direct public IP with subnet and dns details, it should work.