Firewall Wizards mailing list archives
Re: Followup: An interesting VPN problem
From: Luke Butcher <luke.butcher () alphawest com au>
Date: Wed, 03 Sep 2003 08:36:42 +1000
On Tue, 2003-09-02 at 01:51, Jonas Anden wrote:
> One comment though: I'm also using DHCP relaying for the IP address assignments. Strangely enough, the relayed DHCP does *not* go through the tunnel (bypassing routing rules). So I had to set up a two-step relaying; the remote PIX relays to the external IP of the local PIX, which has relays into the local DHCP server.
For what it's worth, I have seen problems doing DHCP relay over a VPN tunnel. After much discussion with Cisco the solution was to upgrade to the bleeding edge at the time (12.2.16). That however was on an 803 using IOS. There may be similar problems on the PIXes.

Also the setup was slightly different to yours in that, at the remote end, net traffic was going straight out; the VPN was only for private address space.

Basically the VPN crypto match was occurring before the DHCP broadcast request was converted to a directed broadcast. Hence it was being pushed out to the net and never getting a reply.

Maybe some food for thought.

Luke Butcher
Network/Security Consultant