Firewall Wizards mailing list archives
RE: Cisco PIX DHCP relay via IPSEC
From: "Scot Kreienkamp" <Scot () pc-sos net>
Date: Thu, 30 Oct 2003 08:17:25 -0500
As I said, I do not control everything at the remote end. There is a piece of hardware at the remote end that needs bootp/tftp and dhcp from a specific server at the head end, and there's nothing I can do to change that. If it weren't for that I would just do dhcp from the PIX. The only other alternative is a leased line with routers that are configured with the dhcp helper option. Rather costly for a medium sized business to get a leased line from Michigan to Florida.
From what I've heard so far from the list it should work. I've gone
ahead and submitted my idea, if I get to try it I'll send a follow-up to the list. Thanks for all your comments! Scot Kreienkamp Scot () PC-SOS net Phone: 419-872-2500 Fax: 419-831-8500 -----Original Message----- From: Perrymon, Josh L. [mailto:PerrymonJ () bek com] Sent: Wednesday, October 29, 2003 5:23 PM To: 'mailinglists () wjnconsulting com'; Scot W. Kreienkamp; firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC Not sure why you don't do DHCP from the remote end unless you don't control it... It will be hard to get DHCP over the IPSEC unless you use GRE tunnels to forward broadcasts.. So basically, the DHCP broadcast needs to get tunneled over IPSEC with GRE to the main site. But, I would try to do it on the remote end. I have lots of pixes doing it and it works great... With a small exception of leases not releasing sometimes so I like to change that value. -JP -----Original Message----- From: Wes Noonan [mailto:mailinglists () wjnconsulting com] Sent: Wednesday, October 22, 2003 11:15 AM To: 'Scot Kreienkamp'; firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC I don't believe that the PIX can pass DHCP/bootp, but don't hold me to that (never tried it). The remote PIX could be configured to be a DHCP server that you can manage however, and TFTP would easily pass through the VPN tunnel so that might be another option to address your needs. HTH and good luck. Wes
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards- admin () honor icsalabs com] On Behalf Of Scot Kreienkamp Sent: Wednesday, October 22, 2003 09:59 To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] Cisco PIX DHCP relay via IPSEC Hi all, I'm looking at using two PIX's to do site to site IPSEC via the internet. Because I don't control all the devices at the remote end one of my requirements is that I be able to do DHCP/Bootp and TFTP from the remote end to the head end via the IPSEC VPN. Does anyone know if the PIX will be able to do this? If anyone has a better product in mind that can accomplish this please
let me know, I'm not stuck on the PIX but I do need a workable solution within the next few days. Please don't say linux, I've already been turned down there. :) Thanks! Scot Kreienkamp Scot () PC-SOS net _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Cisco PIX DHCP relay via IPSEC Scot Kreienkamp (Oct 22)
- RE: Cisco PIX DHCP relay via IPSEC Wes Noonan (Oct 23)
- <Possible follow-ups>
- RE: Cisco PIX DHCP relay via IPSEC Scot Kreienkamp (Oct 23)
- RE: Cisco PIX DHCP relay via IPSEC Scot Kreienkamp (Oct 23)
- RE: Cisco PIX DHCP relay via IPSEC Melson, Paul (Oct 24)
- RE: Cisco PIX DHCP relay via IPSEC Lagula, Cecil (Oct 24)
- RE: Cisco PIX DHCP relay via IPSEC Perrymon, Josh L. (Oct 30)
- RE: Cisco PIX DHCP relay via IPSEC Scot Kreienkamp (Oct 30)