ASA local pool address lease order?

Anyone have a clue in which way the ASA offer its IP address from a local pool? Is it a round robin or from the bottom up. I did try to lower the lease time to have the ASA reuse it's address from the 'bottom' of the pool range, but it still provide a new IP address, like a round robin. Do anyone know if it is possible to configure the way ASA deliver IP addresses in the local IP pool? I ask to try understand the ASA, not because it's a real problem. I don't know of any 'rule' saying that it's wrong to allocate IP address as round robin, but it's not what I'm use to see from dhcp-servers. Maybe this is a 'pool'-thing.

Regards
- Pelle

Comments

  • <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">





    Pelle,



        In what scope are you referring to, easy vpn client address
    assignment?



    Brian McGahan, CCIE #8593 (R&S/SP/Security)

    [email protected]

     

    Internetwork Expert, Inc.

    http://www.InternetworkExpert.com

    Toll Free: 877-224-8987 x 705

    Outside US: 775-826-4344 x 705

    Online Community: http://www.IEOC.com

    CCIE Blog: http://blog.internetworkexpert.com






    pelle wrote:

    Anyone have a clue in which way the ASA offer its IP address from
    a local pool? Is it a round robin or from the bottom up. I did try to
    lower the lease time to have the ASA reuse it's address from the
    'bottom' of the pool range, but it still provide a new IP address, like
    a round robin. Do anyone know if it is possible to configure the way
    ASA deliver IP addresses in the local IP pool? I ask to try understand
    the ASA, not because it's a real problem. I don't know of any 'rule'
    saying that it's wrong to allocate IP address as round robin, but it's
    not what I'm use to see from dhcp-servers. Maybe this is a 'pool'-thing.

    Regards

    - Pelle







    Internetwork Expert - The Industry Leader in CCIE Preparation

    http://www.internetworkexpert.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx

  • Hi Brian

    Yes, it's when you connect with a VPN client and the client get it's IP address from the local pool configured in the ASA. To me it looks like its a round robin function (not first availably as in all (most) DHCP servers). I know the the local pool is not the same as a DHCP server, but from the end-user-view its an IP assignment as if it was there DHCP server. It's good to know how the IP assigment really works when it comes to troubleshooting, thats why I'm asking.

    Regards
    - Pelle

  • Although i never seen it explicitly documented, so far DHCP and dynamic address pools in IOS were using round-robin address allocation (as you can see using the debugging commands). The same thing holds true for the ASA appliance (dhcp/ip address pool). With ip address pools on IOS that makes sense since you can use show commads to see the recently used and returned IP addresses and the username that was allocated the ip address (show ip local pool). Using round-robin allocation will preseve this information as long as possible.

    --

    Petr

    ----- Original Message -----From: "pelle" Sent: Fri, July 11, 2008 5:51Subject: Re: [CCIE Sec] ASA local pool address lease order?

    Hi Brian
    Yes, it's when you connect with a VPN client and the client get it's IP address from the local pool configured in the ASA. To me it looks like its a round robin function (not first availably as in all (most) DHCP servers). I know the the local pool is not the same as a DHCP server, but from the end-user-view its an IP assignment as if it was there DHCP server. It's good to know how the IP assigment really works when it comes to troubleshooting, thats why I'm asking.
    Regards- PelleInternetwork Expert - The Industry Leader in CCIE Preparation
    http://www.internetworkexpert.com

    Subscription information may be found at:
    http://www.ieoc.com/forums/ForumSubscriptions.aspx
Sign In or Register to comment.