Policy Based Routing breaks DHCP on ASA 5525X ?!!

Ahmed ElShanab
Level 1
Hi.

I have a setup working on a Cisco ASA 5525 X

This is the configuration for DHCP and PBR1:

interface Redundant1
 member-interface GigabitEthernet0/2
 member-interface GigabitEthernet0/3
 no nameif
 no security-level
 no ip address
!
interface Redundant1.111
 vlan 111
 nameif Inside1
 security-level 100
 ip address 172.16.111.1 255.255.255.0
 policy-route route-map PBR1
!
access-list PBR1 extended permit ip any any
access-list Inside1 extended permit ip any any
!
nat (Inside1,outside) source dynamic any interface
!
access-group Inside1 in interface Inside1
!
route-map PBR1 permit 10
 match ip address PBR1
 set ip next-hop 192.168.250.11
!
dhcpd dns 8.8.8.8 4.4.2.2
!
dhcpd address 172.16.111.2-172.16.111.254 Inside1
dhcpd enable Inside1
!

When I remove PBR1 from interface Redundant1.111, DHCP works fine, but when I add it, DHCP does not work.

Does anyone have any idea what could be going on here?

1 Accepted Solution

Accepted Solutions

I believe that the issue here is that the acl used for PBR does a permit ip any any, so when the DHCP request is received on the interface it is not processed by DHCP but is forwarded to 192.168.250.11. I suggest that you modify the acl so that it denies DHCP requests before it matches other traffic. And I might suggest that instead of permitting any source address that you permit traffic from the subnet configured on that interface.

 

HTH

Rick
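To show why the original ACL catches the DHCP request and the amended one does not, here is an added example (not from the thread) that models first-match ACL evaluation for the route-map in Python. The three ASA `access-list` lines in the comments are my assumed rendering of Rick's suggestion, not text from his post; the sample packets are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed model of first-match ACL evaluation for a PBR route-map (not ASA code).
# An ACE is (action, protocol, source network, destination network, destination port).
def ace(action, proto, src, dst, dport=None):
    return (action, proto, ip_network(src), ip_network(dst), dport)

# The poster's PBR1 ACL: a single entry that matches every IP packet.
ORIGINAL_PBR1 = [ace("permit", "ip", "0.0.0.0/0", "0.0.0.0/0")]

# Rick's suggestion: deny DHCP first, then permit only the Inside1 subnet.
# Assumed ASA rendering of the same three entries:
#   access-list PBR1 extended deny udp any any eq bootps
#   access-list PBR1 extended deny udp any any eq bootpc
#   access-list PBR1 extended permit ip 172.16.111.0 255.255.255.0 any
FIXED_PBR1 = [
    ace("deny", "udp", "0.0.0.0/0", "0.0.0.0/0", 67),
    ace("deny", "udp", "0.0.0.0/0", "0.0.0.0/0", 68),
    ace("permit", "ip", "172.16.111.0/24", "0.0.0.0/0"),
]

def matches(entry, pkt):
    action, proto, src, dst, dport = entry
    if proto != "ip" and proto != pkt["proto"]:
        return False
    if ip_address(pkt["src"]) not in src or ip_address(pkt["dst"]) not in dst:
        return False
    return dport is None or dport == pkt["dport"]

def policy_routed(acl, pkt):
    """True when the first matching ACE is a permit, i.e. the route-map would
    set ip next-hop 192.168.250.11 and the ASA's own dhcpd never sees the packet.
    A deny, or no match at all (implicit deny), falls through to normal routing."""
    for entry in acl:
        if matches(entry, pkt):
            return entry[0] == "permit"
    return False

# Constructed sample packets as the Inside1 interface would receive them.
DHCP_DISCOVER = {"proto": "udp", "src": "0.0.0.0", "dst": "255.255.255.255", "dport": 67}
DHCP_RENEW = {"proto": "udp", "src": "172.16.111.50", "dst": "172.16.111.1", "dport": 67}
WEB = {"proto": "tcp", "src": "172.16.111.50", "dst": "203.0.113.10", "dport": 443}
OTHER_SUBNET = {"proto": "tcp", "src": "10.9.8.7", "dst": "203.0.113.10", "dport": 443}

if __name__ == "__main__":
    for name, pkt in [("DHCP discover", DHCP_DISCOVER), ("DHCP renew", DHCP_RENEW),
                      ("web from Inside1", WEB), ("web from other subnet", OTHER_SUBNET)]:
        print(f"{name:22} original={policy_routed(ORIGINAL_PBR1, pkt)!s:5} "
              f"fixed={policy_routed(FIXED_PBR1, pkt)}")
```

With the original ACL every packet, including the DHCP discover, is handed to the next hop; with the amended ACL only non-DHCP traffic sourced from 172.16.111.0/24 is policy-routed.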


3 Replies

Hello


@Ahmed ElShanab wrote:

    I remove the PBR1 from interface Redundant 1.111 DHCP

Not sure what you mean by the above statement, but your PBR is policy routing all traffic originating from vlan 111 to that specified next hop, which seems to be causing you an issue.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul


I am glad that my suggestion was helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick