Firewall Wizards mailing list archives

RE: Cisco PIX DHCP relay via IPSEC


From: "Perrymon, Josh L." <PerrymonJ () bek com>
Date: Wed, 29 Oct 2003 16:23:15 -0600

Not sure why you don't do DHCP from the remote end unless you don't control
it...
It will be hard to get DHCP over the IPSEC unless you use GRE tunnels to
forward broadcasts.

So basically, the DHCP broadcast needs to get tunneled over IPSEC with GRE
to the main site.

But, I would try to do it on the remote end. I have lots of PIXes doing it
and it works great...
With a small exception of leases not releasing sometimes, so I like to change
that value.


-JP

-----Original Message-----
From: Wes Noonan [mailto:mailinglists () wjnconsulting com]
Sent: Wednesday, October 22, 2003 11:15 AM
To: 'Scot Kreienkamp'; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC


I don't believe that the PIX can pass DHCP/bootp, but don't hold me to that
(never tried it). The remote PIX could be configured to be a DHCP server
that you can manage however, and TFTP would easily pass through the VPN
tunnel so that might be another option to address your needs.

HTH and good luck.

Wes

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Scot Kreienkamp
Sent: Wednesday, October 22, 2003 09:59
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Cisco PIX DHCP relay via IPSEC

Hi all,

I'm looking at using two PIXes to do site to site IPSEC via the
internet.  Because I don't control all the devices at the remote end one
of my requirements is that I be able to do DHCP/Bootp and TFTP from the
remote end to the head end via the IPSEC VPN. Does anyone know if the
PIX will be able to do this?

If anyone has a better product in mind that can accomplish this please
let me know, I'm not stuck on the PIX but I do need a workable solution
within the next few days.  Please don't say Linux, I've already been
turned down there.  :)

Thanks!

Scot Kreienkamp
Scot () PC-SOS net


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
