Cisco Firewall :: ASA 5505 / DNS Not Resolving To New Machines On Network After Increasing DHCP?

Aug 14, 2012

I am having a very strange issue with connecting new machines to reach the internet.We have a ASA 5505 which the previous tech configured the DHCP pool to -
We ended up reaching our limit which I changed it to: - 192.168.187
Then next day when I arrived to work, our DC was hung from windows updates. Once we got everything back up, every computer currently on the network can reach the internet/VPN tunnels etc. So (continuing with my day) I created a new server in a VM (Hyper-V)I can ping everything internally (even the router), but I cannot resolve DNS. I have configured a static IP, tried Dynamic IP.I have looked for any ACL indicating to block outside the range of the old DHCP pool but no luck.On my local maching I can ping the DNS addresses, but just not on the new server.

Increasing Number Of Addresses And Dhcp Address Range

Dec 2, 2011

A small network and uses the Linksys Router BEFSR81 as dhcp.the default Number of addresses is 50 and starts to new Cisco IP Phone just introduced requires ip addresses and have noticed running out of addreses.Can I increase the number to 120 so that the address range would start from to, also, I have a VPN device which automatically configures itself for address and this is /24 network configuration.

Cisco Firewall :: ASA 9.0.1 - Reverse DNS Resolving

Dec 22, 2012

After upgrade to 9.0.1 from 8.4 I have problems with reverse dns resolving, like this:

named[2679]: DNS format error from resolving 82.64/ for client question section mismatch: got

Only solution I found is to disable inspect dns, which is not very good.

Cisco :: 5508 Virtual Machines With Bridged Connection / No IP From DHCP?

May 31, 2011

We are experimenting with virtual machines running on some laptops here as part of a future deployment.Equipment in use:

-5508 WLC
-1262 LWAP
The actual operating system has no issues connecting to the wireless. When you start the virtual machine on any client machine (OSX, Win 7, Win XP, anything) it is unable to get an IP through an external DHCP server when the VM is set up to use a bridged connection.This works fine with Autonomous access points and over cable all mapped to the same VLAN. Helper addresses are configured on the VLAN.Is this a limitation of the WLC where it cannot provide more than one IP address per MAC? Is it a limitation of CAPWAP? Or is there an option to turn of DHCP snooping (which I suspect to be the cause of the issue)?

Cisco Firewall :: ASA 5505 DHCP With MAC IP

May 10, 2012

I'm using an ASA5505 with dhcpd.but i want to assign a specific IP address from the configured dhcp range to a specific PC.Is it possible to bind a specific ip to this particular PC's MAC address.

Cisco Firewall :: Resolving Drop During Port Forwarding On ASA5500

Jan 10, 2012

I am attempting to port-forward on an ASA 5500 to internal host .100. The outside interface recieves its IP via DHCP. Packets are being denied so I ran packet-tracer and get the following error from outside to ssh port on internal host.
#packet-tracer input outside tcp 79.x.x.x 1025 71.x.x.x ssh
 Phase: 1
Result: ALLOW

Cisco Firewall :: Nat With Asa 5505 9.1x Comcast Dhcp?

May 17, 2013

Well its in this line but do i have to type in a ip even if comcast is giving me a dhcp address?

route outside any 1 
hostname asa1
enable password rwt5UQJihEq2/Qae encrypted
interface Vlan1


Cisco Firewall :: 3560G - Using ASA 5505 As DHCP

Dec 4, 2011

I am opening a small branch office in another state and the equipment we purchased is as follows:
We'll use a site to site vpn but just in case there's connectivity issues I'd like to use the ASA as DHCP. So far I have a scope defined in the ASA and if I plug a laptop directly in I get an applicable IP address. I trunked the port on the switch that goes to the ASA but not the one on the ASA itself (license restriction) The VLAN that I'm using for my PC's has an ip helper address that is assigned to the inside IP of the ASA.

Cisco Firewall :: Configure Multiple Dhcp On ASA 5505?

Dec 23, 2011

I want to configure multiple DHCP pool on ASA. that I create like
int e0/2
no shut
interface Ethernet0/2.10vlan 10nameif inside10security-level 100ip address
interface Ethernet0/2.20vlan 20       nameif inside20 security-level 100ip address
dhcpd address inside10dhcpd dns x.x.x.x  y.y.y.y interface inside10dhcpd enable inside10
dhcpd address inside20dhcpd dns h.h.h.h  z.z.z.z interface inside20dhcpd enable inside20
I have following query...
1. int e0/2 work as trunk port, is it?  any special confiduration require other than dot1Q?
2. How can I configure inside interface?  is it like,

    access-group inside_access_in_1 in interface inside10
    access-group inside_access_in_1 in interface inside10
3. How can I configure static NAT ?
4. How can i configured inside route?
5. How can I configured default NATing?
6. On which interface I access ASA? currently using inside interface.

Cisco Firewall :: ASA 5505 And 5510 DHCP Limitations?

Nov 17, 2011

Our company is planning to buy one of cisco ASA 55xx series.But there is still one question left about DHCP pool limitations.Here I found some information about licensing for DHCP on ASA 5505: [URL]In other words, we don't have any information about ASA 5510, which contains DCHP pool licensing.

Cisco Firewall :: DHCP Server Won't Enable - ASA 5505

Nov 1, 2012

I get the following message when appling "DHCPD ENABLE INSIDE"                  
DHCP: Interface 'INSIDE' is currently configured as CLIENT and cannot be changed to a SERVER by a SERVER feature
 This is an ASA 5505 Running 8.2.

Cisco Firewall :: ASA 5505 / Unable To Get Internet When Using DHCP?

Jun 28, 2011

I found a tricky task for our ASA 5505 firewall. I am not able to go internet when using DHCP but I can access by using fixed IP address in client PC.Same IP, Same Mask, Same DNS, Same Gateway. All the same but no hope. Any configuration i missed in firewall?

Cisco Firewall :: 5505 Doesn't Recognize Ip Address Dhcp

Apr 16, 2013

my 5505 running on version 8.2.5 doesn't seem to recogize the simple command "ip address dhcp setroute......"
ciscoasa(config-if)# ip address dhcp
ERROR: % Invalid Hostname
ciscoasa(config-if)# ip address ?  
configure mode commands/options:  Hostname or A.B.C.D  Firewall's network interface address

Cisco Firewall :: ASA 5505-ISP Providing DHCP And Separate IP Block

Mar 12, 2011

I have a ASA 5505 that I have been using for a while, but a new ISP is trying to configure my service so that the outside interface has to be configured as DHCP to receive a reserved IP address, and then they will route a separate, non-contiguous block of addresses to that address.
Essentially, they have a DHCP reservation for for my ASA, and then they have as a separate block routed to me.
Obviously, I can do my static NAT translations using outside as the address, but I cannot get the separate block of addresses to route through the ASA. Is there a way to do this and get them to work? My ASA is running 7.2(2)

Cisco Firewall :: Multiple DHCP Pool Configuration On ASA 5505

Oct 4, 2012

I want to configure multiple DHCP configuration on ASA 5505. I tried to create sub interface for different IP Pool but it was not configure on ASA 5505. is it possible to create subinterface on ASA 5505?
ASA 5505 IOS version: 8.3(1)
License: Security Plus

Cisco Firewall :: ASA 5505 / ACL To Allow Email Traffic Only To DHCP Clients?

Nov 14, 2011

So here's what I think I should do to give email access only to a segment of addresses of my inside network.
1) Create a network object for 62 machines that will represent my dhcp clients.I plan to use So I will use address with netmask Then set DHCP server to service this address range.
2) Create an ACL which will Permit Any to use tcp port 110 (pop3) to get to the outside. Which leads me to question #1:
How do I permit the source "Any" to communicate with "Any Less Secure Networks" like the implicit rule that gets zapped once I create new ACL? Is "Any Less Secure Network" implied by the "Any" destination?
3) Create an ACL which will Deny my DHCP range to talk to the outside.
4) Create an ACL which will Permit Any to talk to Any Less Secure Network(essentially recreating the implicit Permit ACL that got zapped).

Cisco Firewall :: 5505 - Opening Ports On DHCP Outside ASA Interface

Feb 25, 2011

I am used to setting up access-lists on outside interfaces with ip addresses that are static. I have recently been given a site that is using a client for name to ip address resolution on an outside interface that is dhcp assigned. I created an access-list to open up ports 41794 and 41795 to an engineering application but everytime I try to connect from the outside I get a syn timeout. The application works when inside the lan. Basically I want to allow outside connections from anywhere on the outside to go to ports 41794 and 41795. I am running a Cisco ASA 5505 on version 7.2(4) Below is my conifg. what I may have misconfigured?
: Saved:ASA Version 7.2(4)!names!interface Vlan1 nameif inside security-level 100 ip address!interface Vlan2 nameif outside security-level 0 ip address dhcp setroute!interface Ethernet0/0 switchport access vlan 2!interface


Cisco Firewall :: 5505 - Show Current IP Address Of Interface (dhcp)

May 8, 2012

Is there any way of showing the currently assigned ip address for an interface configured to use DHCP on an ASA 5505?

Cisco Firewall :: Configure DHCP Server On Inside Interface ASA 5505

May 9, 2012

We've just started with the ASA 5505. We do run a DHCP server on the inside interface, so it is in the same VLAN 1 as all of the clients. However, we cannot get it to work.We can't use DHCP Relay, as the ASA 5505 only allows to relay to DHCP servers in a different subnet.Or do we have to move the DHCP server to a different subnet. If so, how would we configure that scenario?

Cisco Firewall :: ASA 5505 Not Giving Out DHCP To Clients / Only Discovery Packet?

May 3, 2012

My ASA 5505 has stopped giving out DHCP address to my machines.Everything was working fine and nothing has changed in the network. I've reloaded the firewall and clear all DHCP on the firewall I've even re-entered the cmd on the ASA.
I'm able to staticlly assigned address to the clients and all is way. When I do a DHCP debug on the ASA I don't see any events relating to the DHCP service apart from checking for lease expiry.
I've also tried to plug a machine straight into the ASA and no result. I finally did a packet capture and I am seeing the client machine sending out a DHCP discover packet and nothing else is responding.
My ASA config is:
dhcpd address inside
dhcpd dns interface inside
dhcpd option 3 ip interface inside
dhcpd enable inside

Cisco Firewall :: ASA 5505 - Dual ISP SLA Track With Primary PPOE Secondary DHCP

Aug 25, 2011

Cisco ASA 5505 Security Plus 1 link with PPOE dialup for internet access
desirable situation: Primary link with a PPOE dialup Secondary Link with DHCP address Asignment
Problem: i want to configure Dual ISP Failover modus, but the problem exist when i configure  the ip sla syntax it looks good in the running config. but after a reload the secondary line becomes primary
It looks like the ppoe client authentication is busy when the ip sla tracking mechanism becomes active. can i tweak the settings that the ip sla tracking mechanism starts later?
What i the correct config for Dual ISP setup with primary PPOE and secondary DHCP

Home Network :: Increasing Network Card Wifi Signal?

Jan 30, 2013

In the bottom floor there are three computers, an iMac computer that receives an average wireless Internet signal, desktop computer and a laptop.I want to take care of the desktop computer and buy a network card, the next card:TP-Link TL-WN951NNow it has three antennas, each of its reception range is 2 dbiI should buy three of the 10 dbi antennas and connect them to the network card?It will give a good solution strong wireless signal and good speed?

Cisco Firewall :: 5510 - ASA Dispatch Unit Percentage Increasing

Jan 25, 2012

I have just noticed that my Cisco ASA 5510 cpu utilization increasing upto 30-35 % and when i issue sh processes cpu-usage, i have found dispatch unit occupied most of utilization.

View 4 Replies View Related

Broadband :: Bytes Not Increasing In Network

Jun 7, 2012

This has been happening of late. When i check the status of my Internet Connection I notice that the sent bytes will be more than 200 and received bytes will be low as 2 to 4

Increasing Bandwidth For Internal Network Not Internet?

Dec 4, 2012

ok i have setup a subnet on my uncles network on which i am running a domain with server 2008. i am using a dlink di 624 router and wanted to know if i upgraded to a 300mbps router would this increase the bandwidth within my network?i know i am limited to what i am receiving from my uncle who is also limited to what he is receiving from the ISP. im not worried about internet speed. i want to increase client to server speed for both lan and wireless.

Networking :: Subnetting Network DGND3700 For Increasing Performance

Apr 10, 2012

I wanna subnet my Network to increased performanced but im alil confused hereWhen looking at my ROUTER STATUS this is what i have.

gateway ip XX.XX.X.X
ip address

Which one of this ip addresses do i have to subbnet?,my router is a ,NETGEAR N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 Wireless router - 4-port switch (integrated) - EN, Fast EN, Gigabit EN, IEEE 802.11b, IEEE 802.11a, IEEE 802.11g, IEEE 802.11n.

Cisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput

Feb 27, 2013

I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.

Can't Ping Other Machines On Same Network

May 9, 2012

Other machines on my network can't seem to be able to see my machine, but i can ping them all. It can't be anything to do with the authentication because i have just reformatted my machine and re-added my machine to the AD.

2222 - How To Browse Work Machines (behind Firewall) From Home

Feb 1, 2013

From home I would like to browse my intranet at work where I have a Linux box, which I will call "W", i.e. url...My router at home closes port 22 but maps port 2222 to port 22 on my server "S" which resolves to

My main machine at home, "M", is where I do my work from home. I thought this might work: [code] On M I tell firefox that S:6666 is the proxy for all sites like url...

So far my browser on M cannot find the intranet web sites with this scheme.How do I make this work? What can I use to debug this

Cisco Firewall :: ASA5505 Using Outside Interface To Connect To Multiple Machines Inside

Oct 28, 2011

I have been working on a configuration for single IP address (on outside ) of ASA5505.I am trying to utilize the outside address to PAT/NAPT to 10 inside machines [code]
What I am not sure of (actually that could be considered all encompassing) is the mapped services/real services.Any constructive comments assistance?

How To Create Network Bubble With 4 Machines

Apr 12, 2012

I need to create a network bubble..means..Let say I have 4 machines having IP address,, and (these are not actual IP's, using them just for explaining). These machines are connected to public network. At a given point in time, I need to isolate these machines from the public network in a way where - All these 4 machines can talk to each other using the assigned IP's. - These 4 machines cannot talk to any other nodes in the public network. no other machines outside these 4, will be able to ping these machines.

Cisco Wireless :: SG200-8 When Connected To Network / Cannot See Some Machines

Apr 5, 2013

I'm pretty sure there is a very simple fix.  When I am connected to my wireless network, I cannot see SOME connected machines.  I feel like I have a domain named incorrectly.  All of the items on my network are new...
Router - Cisco RV180
WLC - Cisco AIR-CT2504-K9
AP - Cisco AIR-LAP1041N-A-K9  <- 2 of these
The AP's are connected to Cisco SG200-8P, as is the 2504.The SG200-8P is connected to a Cisco SF302-8P, which is connected to the RV180 router.i don't have any separate VLANs setup (at least not on purpose)

Servers :: Add Machines To New Test Network Domain

Jan 17, 2012

how do I set up a test domain? I'm running Server 2008 std and have not gotten the DNS server configured right. I'm looking for a guide to take me through the process so I can experience success and get the feel of a working LAN.

