I have a strange situation:
one of my customers is experiencing an issue which relates to DHCP on an ASA.
The ASA is currently on 8.4(4). The problem he is facing is that when a client (iPhone or iPad)
tries to connect, it intermittently doesn't get an IP address assigned from the DHCP server.
Only the WLAN controller receives an address.
Unfortunately I cannot provide a lot of details regarding the pcaps or show run.
Has anyone had the same kind of issue previously?
I upgraded three ASAs (one 5505 and two 5510s) to 8.4(4)3, and on all three ASAs, which were providing DHCP services to connected networks, DHCP stopped working. Users could not get DHCP addresses from the ASAs running 126.96.36.199.
I did packet captures from the desktop; basically I see the DHCP requests leaving the desktop, but no replies from the ASA.
I downgraded the ASA to 8.4(4)1 and DHCP immediately started working again.
I rolled back to 188.8.131.52. DHCP failed again. Downgraded the ASA to 184.108.40.206, then DHCP started working again.
Looks like a bug with ASA 220.127.116.11 and DHCP.
So I'm sticking with 18.104.22.168 for now.
Thanks for the reply. Unfortunately my customer is also on 8.4(4)1.
So no luck there either. But thank you for your reply.
With kind regards,
I had a similar problem with VPN clients not receiving an IP address from DHCP after upgrading from 8.4(2) to 8.4(5). I went back and forth with TAC for a few weeks and we narrowed it down to an identity NAT (nat exemption) statement for the VPN clients that required the route-lookup option to be checked.
I have an issue which may be related.
After having changed the internal gateway equipment, the DHCP requests emitted by the ASA are still sent to the removed gateway interface's MAC address, whereas the ASA makes ARP requests and gets the new GW interface MAC address correctly.
Did you get the DHCP issue fixed?
We are having the exact same problem on version 8.3(2)4.
The ASAs are connected to a gateway cluster. When a failover occurs in the cluster, all ARP tables are updated on the ASAs. DHCP requests from VPN clients to an internal DHCP server are still being sent to the MAC address of the old gateway interface, even though the ARP tables have been updated with the new MAC address.
It seems that the DHCP relay/proxy function is using old cached information instead of the ARP table.
Here is the link to the BugID:
Still not fixed for the moment.
The workarounds are:
- disconnect all the remote access sessions by issuing the command 'vpn-sessiondb logoff'
- reboot the ASA.
For my part, as I am working with ASA in failover, I have failed over to the standby (secondary) unit, then I have rebooted the primary unit.