DHCP passing through PIX (FWSM)

Unanswered Question
Feb 2nd, 2007

Hi,

Has anyone tried to configure a PIX firewall to proxy DHCP requests through?

I have a central DHCP server, and I want to use it for our clients placed on another network; the only connection between the two networks is through a PIX firewall.

Illustrated:

DHCP Server <-> MPLS <-> PIX <-> MPLS <-> DHCP Clients

Best Regards

Peter

sachinraja Sat, 02/03/2007 - 16:46

Hello Peter,

I'm really not sure if anyone would have even attempted such a scenario!!!! DHCP requests are basically broadcasts which work well on a single subnet.. if you have multiple subnets on the LAN, you can obviously use the "helper address" to transport it to the other subnets.. But in your case, there is a PIX, WAN etc. which will not transport this broadcast!!!

Have a local DHCP server.. you also have a lot of switches/routers which support DHCP.. you can configure any local switch or router as a DHCP server and finish it off!!!

Hope this helps.. all the best..

Raj

p.danielsen Sat, 02/03/2007 - 22:57

Hi Raj,

My plan was to use ip-helper on all client interfaces, but ...

So the real question is: has anyone tried the scenario where client networks are placed on one side of a PIX firewall, and servers are placed on another side?

There are no servers/clients connected directly on the same subnet as the PIX; therefore ip-helper would be used on client interfaces. ip-helper will point to the central DHCP server. Only issue: there is a PIX in the middle?

I know it's possible to use the local DHCP server on switches/routers, but for this task I need it to be the central DHCP server.

Best Regards

Peter

sachinraja Sun, 02/04/2007 - 14:42

Hello Peter,

If you want to pass DHCP requests through a PIX firewall, you need to configure DHCP relay on the PIX... this is the only way you can do it.. you can refer to the following DOC for this:

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008075fcfb.shtml

Are there any access-lists on the inside of your PIX?? If so, you might need to allow DHCP ports (UDP 67, 547/546 UDP) to pass through!!!

You can have a look at all the known port numbers here:

http://www.iana.org/assignments/port-numbers

Hope this helps.. all the best. rate replies if found useful..

Raj
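
An added example, not part of any post in this thread: a small Python parser that reads the BOOTP header of a captured DHCPv4 payload and reports whether an ip-helper style relay has already handled it (non-zero `giaddr`), which decides what a routed firewall between relay and server has to permit. The addresses, the `relay_ip` parameter and the sample packets are constructed for illustration; the field layout and the use of UDP 67 on both ends of the relay-to-server leg follow RFC 2131.

```python
import socket
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236-byte fixed header, RFC 2131
MAGIC = b"\x63\x82\x53\x63"                          # DHCP magic cookie
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Extract the fields that matter for relay troubleshooting."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCPv4 message")
    op, _, _, hops, xid, _, _, _, _, _, giaddr, _, _, _ = BOOTP.unpack(payload[:236])
    msg, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            msg = TYPES.get(payload[i + 2], "type %d" % payload[i + 2])  # option 53
        i += 2 + length
    return {"op": op, "hops": hops, "xid": xid, "type": msg,
            "giaddr": socket.inet_ntoa(giaddr)}

def required_flows(info, relay_ip, server_ip):
    """UDP flows (src, sport, dst, dport) a routed firewall must permit.

    relay_ip is the address the relay sources its packets from (assumption:
    supplied by the operator, it is not carried in the DHCP payload).
    """
    if info["giaddr"] == "0.0.0.0":
        return []  # unrelayed client broadcast: not routable, needs a relay on that segment
    return [(relay_ip, 67, server_ip, 67),         # relayed request, unicast to the server
            (server_ip, 67, info["giaddr"], 67)]   # server answers giaddr on port 67, not 68

def sample_discover(giaddr="0.0.0.0", hops=0):
    """Constructed DHCPDISCOVER for the demo; every value is made up."""
    hdr = BOOTP.pack(1, 1, 6, hops, 0x1234ABCD, 0, 0x8000, bytes(4), bytes(4),
                     bytes(4), socket.inet_aton(giaddr),
                     bytes.fromhex("02005e000001"), b"", b"")
    return hdr + MAGIC + bytes([53, 1, 1, 255])

if __name__ == "__main__":
    for pkt in (sample_discover(), sample_discover("192.0.2.1", 1)):
        info = parse_dhcp(pkt)
        print(info, required_flows(info, "192.0.2.1", "198.51.100.10"))
```

Because `giaddr` travels inside the payload, address translation on the firewall does not rewrite it, so the server's reply must be routable to the original `giaddr` value.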

Communications Tue, 03/13/2007 - 10:45

Hi

I am also trying to pass DHCP packets across a PIX. I configured DHCP relay, and clients directly connected to the PIX received DHCP addresses, but clients on the other side of a router are not getting addresses. I have allowed 67, 68 through the PIX but not 547/546; we are using IPv4. Using debug on the router I can see encapsulation errors. The client interface has encapsulation 802.1Q with sub-interfaces and an ip helper address, but the other interface connected to the PIX does not have 802.1Q encapsulation.

Any Help gratefully received.

Mike
