Firewall Wizards mailing list archives

Re: Followup: An interesting VPN problem


From: Luke Butcher <luke.butcher () alphawest com au>
Date: Wed, 03 Sep 2003 08:36:42 +1000


On Tue, 2003-09-02 at 01:51, Jonas Anden wrote:

One comment though: I'm also using dhcp relaying for the IP address
assignments. Strangely enough, the relayed DHCP does *not* go through the
tunnel (bypassing routing rules). So I had to set up a two-step
relaying; the remote pix relays to the external IP of the local pix,
which then relays into the local dhcp server.


For what it's worth, I have seen problems doing DHCP relay over a VPN
tunnel. After much discussion with Cisco the solution was to upgrade to the
bleeding edge at the time (12.2.16). That however was on an 803 using
IOS. There may be similar problems on the PIXes.

Also the setup was slightly different to yours in that, at the remote
end, net traffic was going straight out; the VPN was only for private
address space. Basically the vpn crypto match was occurring before the
DHCP broadcast request was converted to a directed broadcast. Hence it
was being pushed out to the net and never getting a reply.

Maybe some food for thought.


Luke Butcher
Network/Security Consultant
--


Alphawest Disclaimer

---------------------------------------------------------------------------
If this communication is not intended for you and you are not an authorised
recipient of this email you are prohibited by law from dealing with or
relying on the email or any file attachments. This prohibition includes
reading, printing, copying, re-transmitting, disseminating, storing or in
any other way dealing or acting in reliance on the information.
If you have received this email in error, we request you contact Alphawest 
immediately by returning the email to postmaster () alphawest com au and
destroy the original. This email is confidential and may contain privileged
client information. Alphawest  has taken reasonable steps to ensure the
accuracy and integrity of all its communications, including electronic
communications, but accepts no liability for materials transmitted.
---------------------------------------------------------------------------
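Added illustration (not code from the thread, the PIX or IOS): a small Python model of the ordering problem Luke describes, where the crypto ACL is evaluated against the packet before the relay has rewritten the DHCP broadcast into a unicast to the helper address. It also goes one step beyond the message and models Jonas's two-step workaround (relaying to the public address of the local PIX). All addresses, the helper address, the relay interface and the crypto ACL are constructed for the example.

```python
# Added example, not from the original message: models the order in which a router
# evaluates "interesting traffic" for the VPN versus the DHCP relay rewrite.
# Every address and ACL entry below is constructed for illustration.
import ipaddress
from dataclasses import dataclass, replace

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
UNSPECIFIED = ipaddress.IPv4Address("0.0.0.0")


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dst_port: int


# Constructed crypto ACL for the remote site: only private-to-private traffic is
# "interesting" and gets encrypted; everything else goes straight out to the net.
REMOTE_LAN = ipaddress.IPv4Network("10.1.0.0/24")
HQ_LAN = ipaddress.IPv4Network("10.0.0.0/24")
CRYPTO_ACL = [(REMOTE_LAN, HQ_LAN)]

RELAY_IF = ipaddress.IPv4Address("10.1.0.1")              # constructed: remote router LAN interface
HQ_DHCP_SERVER = ipaddress.IPv4Address("10.0.0.5")        # constructed helper address behind the tunnel
LOCAL_PIX_OUTSIDE = ipaddress.IPv4Address("203.0.113.10")  # constructed public IP of the local PIX


def crypto_match(pkt: Packet) -> bool:
    """Does the packet, as it currently looks, match the crypto ACL?"""
    return any(pkt.src in s and pkt.dst in d for s, d in CRYPTO_ACL)


def dhcp_relay(pkt: Packet, helper: ipaddress.IPv4Address) -> Packet:
    """Helper-address behaviour: a DHCP limited broadcast becomes a unicast
    from the relay's own interface to the configured helper."""
    if pkt.dst == LIMITED_BROADCAST and pkt.dst_port == 67:
        return replace(pkt, src=RELAY_IF, dst=helper)
    return pkt


def forward(pkt: Packet, helper: ipaddress.IPv4Address, order: tuple) -> tuple:
    """Push pkt through the steps in `order` ("crypto" and "relay") and report
    whether it ends up in the tunnel or goes out in the clear, plus its final headers."""
    encrypted = False
    for step in order:
        if step == "crypto":
            encrypted = crypto_match(pkt)  # decision is taken on the packet as it is right now
        elif step == "relay":
            pkt = dhcp_relay(pkt, helper)
    return ("tunnel" if encrypted else "internet"), pkt


def dhcp_discover() -> Packet:
    """A DHCP DISCOVER as it arrives on the remote LAN interface (constructed)."""
    return Packet(UNSPECIFIED, LIMITED_BROADCAST, 67)


if __name__ == "__main__":
    pkt = dhcp_discover()
    # The broken case: crypto match happens first, the broadcast matches nothing,
    # the relayed unicast to 10.0.0.5 is then pushed out to the net and never answered.
    print("crypto then relay  :", forward(pkt, HQ_DHCP_SERVER, ("crypto", "relay")))
    # After the fix: relay first, then the rewritten packet matches the crypto ACL.
    print("relay then crypto  :", forward(pkt, HQ_DHCP_SERVER, ("relay", "crypto")))
    # Jonas's workaround: relay to the public IP of the local PIX. The crypto ACL
    # never matches, so it deliberately travels outside the tunnel and the local
    # PIX relays it inward a second time.
    print("two-step workaround:", forward(pkt, LOCAL_PIX_OUTSIDE, ("relay", "crypto")))
```

The model makes the dependency explicit: the same helper configuration either works or silently leaks the DHCP unicast onto the Internet depending purely on which lookup the platform runs first, which is why the fix in the message was a software upgrade rather than a configuration change. Note that in the workaround path the relayed DHCP exchange travels in the clear between the two firewalls.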
