Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
5
Helpful
4
Replies

DHCP passing through PIX (FWSM)

p.danielsen
Level 1
Level 1

‎02-02-2007 11:11 AM - edited ‎03-11-2019 02:28 AM

Hi,

Any one tried to configure a PIX firewall to proxy DHCP request through.

I have a Central DHCP Server, and I want to use it for our clients placed on a other network, the only connection between the to networks a trough a PIX firewall.

Illustrated.

DHCP Server <-> MPLS <-> PIX <-> MPLS <-> DHCP Clients

Best Regards

Peter

Labels:
0 Helpful
4 Replies 4

sachinraja
Level 9
Level 9

‎02-03-2007 04:46 PM

Hello peter,

I'm really not sure if anyone would have even attempted such scenario !!!! DHCP requests are basically broadcasts which work well on a single subnet.. if you have multiple subnets on the LAN, you can obviously use the "helper addresss" to transport it to the other subnets.. But with your case, there is a PIX, WAN etc which will not transport this broadcast !!!

Have a local DHCP server.. you also have a lot of switch/router which supports DHCP.. you can configure any local switch or router as a DHCP server and finish it off !!!

Hope this helps.. all the best..

Raj

0 Helpful

p.danielsen
Level 1
Level 1
In response to sachinraja

‎02-03-2007 10:57 PM

Hi Raj,

My plan was to use ip-helper on all client interfaces, But ...

So the real question is, has anyone tryed the senario, when Client networks are placed on on side of a PIX Firewall, and servers are placed on anoter side,

There is no servers/clients connected directly on the same subnet as the pix, there for ip-helper would be used on client interfaces, ip-helper will point to the central DHCP Server, only issue ? there is a PIX ind the middel ?

I know is?t posible to use the local DHCP server, om Switchs/Routers, but for this task i need it to be the central DHCP server ..

Best Regards

Peter

0 Helpful

sachinraja
Level 9
Level 9
In response to p.danielsen

‎02-04-2007 02:42 PM

Hello Peter,

If you want to pass DHCP requests through a PIX firewall, you need to configure DHCP relay on the PIX... this is the only way you can do it.. you can refer to the following DOC for this:

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008075fcfb.shtml

Are there any access-list on the inside of your PIX ?? If so, you might need to allow DHCP Ports (UDP 67, 547/546 UDP) to pass through !!!

You can have a look at all the known port numbers here:

http://www.iana.org/assignments/port-numbers

Hope this helps.. all the best. rate replies if found useful..

Raj

Communications
Level 1
Level 1
In response to sachinraja

‎03-13-2007 10:45 AM

Hi

I am also trying to pass DHCP packets across a PIX, I configured DHCP relay and clients directly connected to the PIX received DHCP addresses but clients the other side of a router are not getting addresses I have allowed 67,68 through the PIX but not 547/546 we are using IP v4. Using Debug on the Router I can see encapuslation errors the client interface has encapsulation 802.1Q with Sub interfaces and a ip helper address but the other interface connected to the PIX does not have 802.1Q encapsulation.

Any Help gratefully received.

Mike

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card