PIX VPN DHCP Relay not relaying DHCP packets

pts.
Tags:
Administration
Cisco
DHCP
DNS
Firewalls
Forensics
Incident response
Installation
Intrusion management
IT architecture
Management
Network security
Networking
Networking Equipment
Networking services
Routers
Security
Service and support
VPN
Wireless
Hi, I've setup a VPN across 2 PIX506e's using primarily the PDM software. IT is a very basic setup using PDM. I also needed DHCP relay to relay from clients on pix B to pixA and then the dhcp server. So I add in the DHCP relay server address on pixB and point to the relevant IP over the outside interface. When I monitor the request it gets as far as the outside interface on PIX A but doesn't travers to the inside interface. I tried to fix this by adding in various dhcprelay option to PIXA, but no luck. Am I missing something? Thanks for any help, Rob.

Answer Wiki

Thanks. We'll let you know when a new response is added.

If your VPN is up all of the time is there a reason why you aren’t pointing your DHCP relay directly to the DHCP server?

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Rgoulding
    The VPN is up all the time and I am always pointing the DHCP relay agent to the DHCP server. My problem is that the DHCP request packets originating from the client are only reaching as far as the outside interface on the second pix, therefore not reaching the DHCP server. Thanks, Rob.
    0 pointsBadges:
    report
  • 3wsparky
    do you have any acls on the equipment you have set up eg. denying anything without an ip address ? or denying bcasts ?
    0 pointsBadges:
    report
  • Ajay42usa
    Most probably, you must configure a rule to allow DHCP-Relay traffic (Port 67) explicitly. Please run debug to see whether the Firewall is dropping any of those packets. -Ajay
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following