Question : Cisco PIX 501 DHCP Client problems
I'm trying to set up a PIX 501 (running PIX OS ver 6.3) as the firewall on my home network (dynamic IP cable modem with Comcast).
My problem is that the PIX DHCP client is unable to obtain an IP address from the Comcast servers.
Some details:
- My Linksys wireless 802.11b/4 port ethernet router is able to obtain DHCP information from Comcast with no difficulty
- When I plug the PIX into the above router it has no difficulty obtaining DHCP information
- The PIX is set up in the default factory configuration (I've only changed the name (to fw-GS) and installed/configured PDM ver 3.0)
I tried getting help from Comcast and they couldn't/wouldn't help much other than to say that: "The only ports that may be actively blocked on the Comcast network are 67, 68, 137, 138, 139, 512, 520, and 1080". It doesn't seem like that would matter but I don't know.
I've run some debugging; the info is attached here (the debug info for the firewall obtaining an IP from Comcast's servers is a bit messy and possibly incomplete, let me know if you need any additional info):
Working router debug info: This is the debug info from when the firewall was trying to obtain an IP address from my router (router IP address 10.10.10.220)
w-GS(config)# debug dhcpc packet
fw-GS(config)# ip address outside dhcp
DHCP: delete ip lease for interface outside
DHCP: deleting entry a93874 10.10.10.102 from list
Temp IP addr: 10.10.10.102 for peer on Interface: outside
Temp sub net mask: 255.255.255.0
DHCP Lease server: 10.10.10.220, state: 3 Bound ssh timeout 5 IP addr: 0.0
DHCP transaction id: 0xDB8431ace: unknow
Lease: 604800 secs, Renewal: 302400 secs, Rebind: 529200 secs global (outside) 1 int
Temp default-gateway addr: 10.10.10.220er att dhc
Next timer fires after: 227712 seconds
Retry count: 0 Client-ID: cisco-000d.bda1.8a9d-outsideore ---> DHCP Le
DHCP: SDiscover: sending 272 byte length DHCP packet
DHCP: SDiscover 272 bytes
DHCP Broadcast to 255.255.255.255 from 0.0.0.0
DHCP client msg received, fip=10.10.10.220, fport=67
DHCP: Received a BOOTREP pkt
DHCP: offer received from 10.10.10.220
DHCP: SRequest attempt # 1 for entry:
DHCP: SRequest- Server ID option: 10.10.10.220
DHCP: SRequest- Requested IP addr option: 10.10.10.102
DHCP: SRequest placed lease len option: 604800
DHCP: SRequest: 290 bytes
DHCP Broadcast to 255.255.255.255 from 0.0.0.0dhcp client discover already in progress
DHCP client msg received, fip=10.10.10.220, fport=67
DHCP: Received a BOOTREP pkt
DHCP Proxy Client Pooling: ***Allocated IP address: 10.10.10.102....dhcp client discover already in progress dhcp client discover already in progress
DHCP: allocate request
Allocated IP address = 10.10.10.102, netmask = 255.255.255.0, gateway = 10.10.10.220
Not working Comcast server debug info: This is a section of the debug info from when the firewall was trying to obtain an IP address from the Comcast servers.
When I plug my router into the modem instead of the PIX, it has no problems obtaining DHCP information. The IP address for the Comcast servers is (I'm going from memory, if you want the exact address let me know) 67.xxx.xxx.xxx
DHCP: QScan: Purgin DHCP: zapping entry in DHC_PURGING state for outsidey aa7174 0.0.0.0 from l DHCP Lease server: 0.0.0. DHCP: new entry. add to queuedr: 0.0.0.0 for peer on Inte DHCP: SDiscover attempt # 1 for entry:41844F: QScan: Timed out Sel Temp sub DHCP: SDiscover: sending 272 byte length DHCP packet Lease server: 0.0.0.0, state: 8 Purgingt addr: exi
DHCP: SDiscover 272 bytes 2 seconds DHCP transac DHCP Broadcast to 255.255.255.255 from 0.0.0.0t-ID: cisco-000d.bda1.8a9d-outside secs, Rebi DHCP client msg received, fip=10.138.128.1, fport=67: SDiscover: sending 272 byte length DHCP packet R DHCP: Received a BOOTREP pkt Not for us..: xid: 0x5C76374cover 272 bytesreceived, fip=10.138.128. DHCP Broadcast to DHCP client msg received, fip=10.138.128.1, fport=67eceived a BOOTREP pkt DHCP client msg received, fip DHCP: SDiscover attempt # 2 for entry: 0.0.0.0, state: 1 Selecting Lease: 0 DHCP: SDiscover: sending 272 byte length DHCP packetaction id: 0x341844Fnt-ID: 0x9e6efc.. Next timer DHCP: SDiscover 272 bytesal: 0 secs, Rebind: 0 se DHCP Broadcast to 255.255.255.255 from 0.0.0.00d.bda Next timer fires after: 2 secondsot DHCP client msg received, fip=10.138.128.1, fport=67 Client-ID: cisco-000d.bda1.8a9d-outsidemmand failed DHCP: Received a BOOTREP pkt Not for us..: xid: 0x26077DE6over: sending 272 byte length DHCP packetto 255.255.255.255 DHCP client msg received, fip=10.138.128.1, fport=672 bytesDHCP client msg received, DHCP Broadcast to 2 DHCP client msg received, fip=10.138.128.1, fport=67 Temp IP addr: 0.0.0.0 fo
Temp IP addr: 0.0.0.0 f DHCP: Received a BOOTREP pkt Not for us..: xid: 0x62FF3E5E sub net mask: 0 N Temp sub net mask: 0.0.0.0ondsDHCP DHCP: allocate requestHCP Lease server: 0.0. DHCP: zapping entry in DHC_PURGING state for outside transaction id: 0x DHCP transaction id: 0x341C53 DHCP: new entry. add to queue byt Lease: 0 secs, Renew DHCP: SDiscover attempt # 1 for entry:6 DHCP: SDiscover 272 bytesfter DHCP: SDiscover: sending 272 byte l to 255.25 DHCP Lea Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secsface: outside seconds8. Retr DHCP transaction No timer running sub net mask: 0.0 Retry count: 0 Client-ID: DHCP Lease server: 0.0.0.0
DHCP: SDiscover attempt # 3 for entry:er: sendin No timer runnin DHCP DHCP: SDiscover: sending 272 byte length DHCP packet DHCP Lease: 0 secs, Renewal: 0 secs, Rebind: 0 DHCP: SDiscover 272 bytes255.255 from 0.0.0.0: QSc DHCP Broadcast to 255.255.255.255 from 0.0.0.0 pkt Not for us..: xid: 0xB726 Retry count DHCP: allocate request000d.bda1.8a9d-outside DHCP: zapping entry in DHC_PURGING state for outsideocate
DHCP: SDiscover: sending 272 byte length DHC DHCP: new entry. add to queueccan: Timed out Selecting sta DHCP: SDiscover attempt # 1 for entry: in DHC_PURGI DHCP Broadcast to 255.25 DHCP: SDiscover: sending 272 byte length DHCP packet new entry. add to queueting DHCP: SDiscover attemp DHCP: SDiscover 27e Temp sub net mask: 0 DHCP: QScan: Timed o DHCP transaction id: 0x344C284 0.0.0.0, state: 1 Sel DHCP: allo Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secsisting ip lease str = 0xaac52c0x5E6F78E6.... DH DH No timer running secs, DHCP: zappin Retry count: 0 Client-ID:r outsideed, fip=10.138.128.1,
DHCP: SDiscover attempt # 3 for entry:w entry. add to queue DHCP: Received a DHCP: SDiscover: sending 272 byte length DHCP packet.8a9d-outside Selecting st DHCP: SDiscover attempt # DHCP: SDiscover 272 bytes: SDiscover: sending 272 DHCP client msg received, fip=10.138.128.1, fport=67 DHCP: Received a BOOTREP pkt Not for us..: xid: 0x88DE3067 DHCP client msg received, fip=10.138.128.1, fport=67 DHCP: Received a BOOTREP pkt Not for us..: xid: 0x88DE3067 DHCP: SDiscover attempt # 2 for entry: DHCP: SDiscover: sending 272 byte length DHCP packet DHCP: SDiscover 272 bytes DHCP Broadcast to 255.255.255.255 from 0.0.0.0 DHCP client msg received, fip=10.138.128.1, fport=67 DHCP: Received a BOOTREP pkt Not for us..: xid: 0xA13D027En DHCP client msg received, fip=10.138.128.1, fport=67 DHCP: Received a BOOTREP pkt Not for us..: xid: 0xA13D027Eo debug DHCP: SDiscover attempt # 3 for entry: DHCP: SDiscover: sending 272 byte length DHCP packet DHCP: SDiscover 272 bytes DHCP Broadcast to 255.255.255.255 from 0.0.0.0dhcpc DHCP: allocate request DHCP: zapping entry in DHC_PURGING state for outside DHCP: new entry. add to queue DHCP: SDiscover attempt # 1 for entry: DHCP: SDiscover: sending 272 byte length DHCP packet DHCP: SDiscover 272 bytes DHCP Broadcast to 255.255.255.255 from 0.0.0.0packet
Thank you in advance!
Answer : Cisco PIX 501 DHCP Client problems
Then, it may be as PennGwyn suggests, that Comcast's system is holding the MAC address of your router. You may have to call them and give them a new MAC address, or -- power off the modem for about 5 minutes, hook up the PIX and let it boot up, then power up the modem and then see if it gets an IP address.
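
Added example, not part of the original question or answer: a Python triage script for `debug dhcpc packet` output like the two traces in the question. It counts DISCOVERs sent, replies received, replies the client discarded as "Not for us", and completed leases; the sample strings are excerpts trimmed from the question's own output, and the function name, event names and verdict strings are assumptions made for this example.

```python
import re

# Message fragments as they appear in PIX OS 6.3 `debug dhcpc packet` output.
# Patterns are searched anywhere in the text because captured console output
# is often run together or interleaved with other lines.
IP = r"(\d+\.\d+\.\d+\.\d+)"
EVENTS = {
    "discover": re.compile(r"SDiscover: sending (\d+) byte"),
    "reply": re.compile(r"msg received, fip=" + IP + r", fport=67"),
    "rejected": re.compile(r"BOOTREP pkt Not for us\.\.: xid: (0x[0-9A-Fa-f]{1,8})"),
    "offer": re.compile(r"offer received from " + IP),
    "bound": re.compile(r"Allocated IP address = " + IP),
}

def summarize(trace):
    """Tally DHCP client events in a debug trace and give a one-line verdict."""
    found = {n: [m.group(1) for m in p.finditer(trace)] for n, p in EVENTS.items()}
    counts = {n: len(v) for n, v in found.items()}
    if counts["bound"]:
        verdict = "lease obtained"
    elif counts["discover"] and not counts["reply"]:
        verdict = "no reply to DISCOVER"
    elif counts["rejected"] and not counts["offer"]:
        verdict = "replies seen but all discarded by the client"
    else:
        verdict = "incomplete exchange"
    return {"counts": counts, "servers": sorted(set(found["reply"])),
            "rejected_xids": sorted(set(found["rejected"])), "verdict": verdict}

# Excerpts trimmed from the two traces in the question (console garbage removed).
WORKING = ("DHCP: SDiscover: sending 272 byte length DHCP packet "
           "DHCP client msg received, fip=10.10.10.220, fport=67 "
           "DHCP: Received a BOOTREP pkt DHCP: offer received from 10.10.10.220 "
           "DHCP: allocate request Allocated IP address = 10.10.10.102, "
           "netmask = 255.255.255.0, gateway = 10.10.10.220")
FAILING = ("DHCP: SDiscover attempt # 2 for entry: "
           "DHCP: SDiscover: sending 272 byte length DHCP packet "
           "DHCP Broadcast to 255.255.255.255 from 0.0.0.0 "
           "DHCP client msg received, fip=10.138.128.1, fport=67 "
           "DHCP: Received a BOOTREP pkt Not for us..: xid: 0xA13D027E "
           "DHCP client msg received, fip=10.138.128.1, fport=67 "
           "DHCP: Received a BOOTREP pkt Not for us..: xid: 0xA13D027E")

if __name__ == "__main__":
    for label, trace in (("router", WORKING), ("cable modem", FAILING)):
        print(label, summarize(trace))
```

On these excerpts the router exchange ends in a lease, while on the cable modem replies do arrive from 10.138.128.1 but the client discards each one.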