Question

  Asked: Apr 22 2005   12:13 AM GMT
  Asked by: rgoulding


PIX VPN DHCP Relay not relaying DHCP packets


Networking, Networking Equipment, Routers, Networking Services, DHCP, DNS, Security, Network security, Firewalls, VPN, Intrusion management, Incident response, Forensics, Wireless, Administration, Architecture/Design, Installation, Service and support, Cisco, Management

Hi,
I've set up a VPN across 2 PIX506e's using primarily the PDM software. It is a very basic setup using PDM. I also needed DHCP relay to relay from clients on PIX B to PIX A and then the DHCP server. So I add in the DHCP relay server address on PIX B and point to the relevant IP over the outside interface. When I monitor the request it gets as far as the outside interface on PIX A but doesn't traverse to the inside interface.
I tried to fix this by adding in various dhcprelay options to PIX A, but no luck. Am I missing something?

Thanks for any help,
Rob.


Answer Wiki

If your VPN is up all of the time, is there a reason why you aren't pointing your DHCP relay directly to the DHCP server?


Discuss This Answer



rgoulding  |   Apr 25 2005  3:18AM GMT

The VPN is up all the time and I am always pointing the DHCP relay agent to the DHCP server. My problem is that the DHCP request packets originating from the client are only reaching as far as the outside interface on the second PIX, therefore not reaching the DHCP server.
Thanks,
Rob.

 

3wsparky  |   Apr 25 2005  4:42AM GMT

Do you have any ACLs on the equipment you have set up, e.g.
denying anything without an IP address?
Or denying bcasts?

 

ajay42usa  |   May 5 2005  10:47AM GMT

Most probably, you must configure a rule to allow DHCP-Relay traffic (Port 67) explicitly. Please run debug to see whether the Firewall is dropping any of those packets.

-Ajay