Hosts Cannot Obtain an IP Address from an ASA Configured as a DHCP Server


116354-technote-asa-00

      

 DHCP  Cisco   ASA IP  




ASA   8.2.5       

DHCP  ASA  IP 

ASA  VLAN 6 VLAN 10DMZ2  2   DHCP   VLAN  PC  ASA  DHCP  IP 
q DHCP  q ASA  syslog  q ASA  DHCP DISCOVER 
 ASA OFFER   ASPASP  DHCP DISCOVER Slowpath security checks failed  "
ASA# capture asp type asp-drop all
ASA# show capture asp
3 packets captured
   1: 14:57:05.627241 802.1Q VLAN#10 P0 0.0.0.0.68 > 255.255.255.255.67: udp 300 Drop-reason: (sp-security-failed) Slowpath security checks failed
   2: 14:57:08.627286 802.1Q VLAN#10 P0 0.0.0.0.68 > 255.255.255.255.67: udp 300 Drop-reason: (sp-security-failed) Slowpath security checks failed
   3: 14:57:16.626966 802.1Q VLAN#10 P0 0.0.0.0.68 > 255.255.255.255.67: udp 300 Drop-reason: (sp-security-failed) Slowpath security checks failed

 IP   NAT  DHCP DISCOVER  255.255.255.255  NAT  
static (DMZ1,DMZ2) 0.0.0.0 0.0.0.0 netmask 0.0.0.0
 NAT 

ASA   DMZ2  DHCP DISCOVER  NAT  
tutera-firewall#packet-tracer input DMZ2 udp 0.0.0.0 68 255.255.255.255 67 detail
.....
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Configuration:
static (DMZ1,DMZ2) 0.0.0.0 0.0.0.0 netmask 0.0.0.0
  match ip DMZ1 any DMZ2 any
    static translation to 0.0.0.0
    translate_hits = 0, untranslate_hits = 641
Additional Information:
NAT divert to egress interface DMZ1
Untranslate 0.0.0.0/0 to 0.0.0.0/0 using netmask 0.0.0.0

Result:
input-interface: DMZ2
input-status: up
input-line-status: up
output-interface: DMZ1
output-status: up
output-line-status: up
Action: drop
Drop-reason: (sp-security-failed) Slowpath security checks failed
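The triage shown above can be scripted. The following Python sketch is an added example, not part of the original tech note or any Cisco tooling: it scans saved `show capture asp` output for dropped DHCP DISCOVER broadcasts and then looks for pre-8.3 `static` rules whose mapped side on the ingress interface covers 255.255.255.255. The function names and the second `static` line in the sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input: two asp-drop capture lines and the static rule
# from this page, plus one unrelated host static added for contrast.
CAPTURE = """\
1: 14:57:05.627241 802.1Q VLAN#10 P0 0.0.0.0.68 > 255.255.255.255.67: udp 300 Drop-reason: (sp-security-failed) Slowpath security checks failed
2: 14:57:08.627286 802.1Q VLAN#10 P0 0.0.0.0.68 > 255.255.255.255.67: udp 300 Drop-reason: (sp-security-failed) Slowpath security checks failed
"""
CONFIG = """\
static (DMZ1,DMZ2) 0.0.0.0 0.0.0.0 netmask 0.0.0.0
static (inside,DMZ2) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
"""

DROP_RE = re.compile(
    r"VLAN#(?P<vlan>\d+)\s+\S+\s+(?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): udp \d+ Drop-reason: \((?P<reason>[\w-]+)\)")
# Pre-8.3 syntax: static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(
    r"^static \((?P<real_if>\S+),(?P<mapped_if>\S+)\) (?P<mapped>[\d.]+) "
    r"(?P<real>[\d.]+) netmask (?P<mask>[\d.]+)", re.M)
DISCOVER = ("0.0.0.0", "68", "255.255.255.255", "67")


def dropped_dhcp_discovers(capture):
    """Return (vlan, drop_reason) for every dropped client broadcast to UDP/67."""
    hits = []
    for m in DROP_RE.finditer(capture):
        if (m["src"], m["sport"], m["dst"], m["dport"]) == DISCOVER:
            hits.append((int(m["vlan"]), m["reason"]))
    return hits


def statics_covering_broadcast(config, ingress_if):
    """Return static rules whose mapped range on ingress_if includes 255.255.255.255."""
    bcast = ipaddress.ip_address("255.255.255.255")
    rules = []
    for m in STATIC_RE.finditer(config):
        net = ipaddress.ip_network(f"{m['mapped']}/{m['mask']}", strict=False)
        if m["mapped_if"] == ingress_if and bcast in net:
            rules.append(m.group(0))
    return rules


if __name__ == "__main__":
    print(dropped_dhcp_discovers(CAPTURE))
    print(statics_covering_broadcast(CONFIG, "DMZ2"))
```

A rule returned by `statics_covering_broadcast` for the interface where the drops occur is the candidate to confirm with `packet-tracer`, as the page does for DMZ2.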

