
Cisco ASA AnyConnect client fails to get IP from remote DHCP Server (Infoblox)

mithun.murali
Level 1

Hi

Firewall : Cisco ASA 5555 with Software Version 9.2(4)

I have configured a Cisco AnyConnect profile on my ASA with DHCP server as my Infoblox grid member. The setup was working fine till last week when I had to reboot the ASA box. Now it won't issue IPs to my VPN clients. Tried all possible ways, but no luck.

Below is the config

group-policy testdhcp internal
group-policy testdhcp attributes
 dhcp-network-scope 10.60.64.0

tunnel-group testdhcp type remote-access
tunnel-group testdhcp general-attributes
 default-group-policy testdhcp
 dhcp-server x.x.x.x
tunnel-group testdhcp webvpn-attributes
 group-alias testdhcp enable

3 Replies

rvarelac
Level 7

Hi Mithun, 

I think the following commands will be helpful to troubleshoot this issue:

  • debug dhcprelay packet
  • debug dhcprelay event

Enjoy the holidays!

-Randy-

Hi Randy,

Merry X'Mas

I couldn't get the result of the above debugs, and I believe it's because I don't have a relay config on my ASA. The DHCP server is an Infoblox device and it's on the Inside interface of the ASA (connected to the same switch where the ASA Inside interface is connected).

I have attached a general debug log that I captured and below are the IP details.

DHCP Server: 161.228.222.135

ASA Inside: 161.228.37.250

ASA Outside: 193.242.224.250

Regards

Mithun

Hi Mithun,  

There is not much we can see in the "Show logging" provided. I think a packet capture would be better to troubleshoot this issue and check the DORA process between the ASA and the DHCP server.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110117-asa-capture-asdm-config.html

https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios

-Randy-
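
One way to run the DORA check suggested above on a capture, as an added example that is not part of the original thread: it parses DHCP payloads, groups them by transaction id, and names the first of Discover/Offer/Request/Ack that never appears. It assumes the UDP payloads (ports 67/68) have already been extracted from the capture; the function names and the `build` sample generator are hypothetical.

```python
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
DORA = ["DISCOVER", "OFFER", "REQUEST", "ACK"]

def parse_dhcp(payload):
    """Parse one UDP payload (ports 67/68); return None if it is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    dotted = lambda b: ".".join(map(str, b))
    msg = {"xid": struct.unpack("!I", payload[4:8])[0], "type": None,
           "yiaddr": dotted(payload[16:20]), "giaddr": dotted(payload[24:28])}
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # pad option: no length byte
            i += 1
            continue
        if i + 1 >= len(payload):                  # truncated option header
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if payload[i] == 53 and len(value) == 1:   # option 53 = message type
            msg["type"] = TYPES.get(value[0], f"type-{value[0]}")
        i += 2 + length
    return msg

def dora_status(payloads):
    """Group messages by transaction id and name the first DORA step not seen."""
    seen = defaultdict(list)
    for p in payloads:
        m = parse_dhcp(p)
        if m and m["type"]:
            seen[m["xid"]].append(m["type"])
    report = {}
    for xid, types in seen.items():
        missing = next((s for s in DORA if s not in types), None)
        if "NAK" in types:
            report[xid] = "server sent NAK"
        else:
            report[xid] = f"stalled before {missing}" if missing else "complete"
    return report

def build(xid, mtype, yiaddr=bytes(4), giaddr=bytes(4)):
    """Constructed sample message for the demo, not taken from a real capture."""
    op = 1 if mtype in (1, 3) else 2               # 1 = request, 2 = reply
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
    hdr += bytes(4) + yiaddr + bytes(4) + giaddr + bytes(16 + 64 + 128)
    return hdr + MAGIC + bytes([53, 1, mtype, 255])
```

A transaction reported as "stalled before OFFER" means the request left the capture point and no reply with that transaction id came back; the parsed `giaddr` and `yiaddr` fields show which relay address the request carried and which address, if any, the server offered.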