PIX 501 DHCP problem

Feb 5th, 2007

This morning I was troubleshooting a VPN issue that I have been having with my SOHO connecting to a remote site.

My SOHO is connected as follows:

ISP (Verizon DSL) <--> WESTELL Modem <--> PIX 501 <--> LAN <--> PC

In order to determine if my PIX 501 firewall might be the cause of the problem, I bypassed the PIX firewall and connected the LAN from the DSL modem directly to my PC (Windows XP).

ISP (Verizon DSL) <--> WESTELL Modem <--> PC

This test was successful as it helped me determine that the PIX firewall was preventing my VPN connection from working correctly. That's the good news.

The bad news is that when I attempted to plug the Ethernet connection from the DSL modem into the PIX firewall, I received the following error:

DHCP command failed

Warning: Start and End addresses overlap with broadcast address.

outside interface address added to PAT pool

I tried rebooting the PIX firewall several times with no success. When I perform a show IP route I get the following:

pixfirewall# sh ip route

System IP Addresses:

ip address outside 127.0.0.1 255.255.255.255

ip address inside 192.168.1.1 255.255.255.0

Current IP Addresses:

ip address outside 0.0.0.0 0.0.0.0

ip address inside 192.168.1.1 255.255.255.0

I am attaching a copy of my PIX firewall for your perusal.

I am not sure what to do about this error. I assume it is not a DSL issue since it works every time I plug it into my PC. Anything that you can do to help would be greatly appreciated.

Thank you

Fernando_Meza Mon, 02/05/2007 - 15:40

Hi .. what I think could be happening is an IP overlap between the pool of IP addresses distributed by the ADSL modem and the one configured on the internal interface of the PIX. To test this, check what IP address you get when connecting the PC directly. If the range is also 192.168.1.X then that is the problem.

dhcpd address 192.168.1.10-192.168.1.14 inside

Note in your scenario I would recommend using your ADSL modem in bridge mode so that the PIX is the one sending the credentials to your ISP .. normally this is done by configuring the PIX as a PPPoE client. Then you can use the PIX for the DHCP allocation, which is already configured.

Please refer to the below link for instructions about configuring the PIX as a PPPoE client

I hope it helps .. please rate if it does !!!
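
The overlap test suggested in the reply above, written out as an added example that is not part of the original thread. It parses the two PIX lines quoted on this page and compares them with the address a PC receives when plugged straight into the modem; the function names and the sample lease addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Lines in the format shown in the thread (inside interface and dhcpd pool).
PIX_LINES = """\
ip address inside 192.168.1.1 255.255.255.0
dhcpd address 192.168.1.10-192.168.1.14 inside
"""

def parse_pix(text):
    """Return (inside_network, pool_start, pool_end) from PIX-style lines."""
    m = re.search(r"^ip address inside (\S+) (\S+)$", text, re.M)
    p = re.search(r"^dhcpd address (\S+)-(\S+) inside$", text, re.M)
    if not m or not p:
        raise ValueError("need 'ip address inside' and 'dhcpd address' lines")
    inside = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return inside, ipaddress.ip_address(p.group(1)), ipaddress.ip_address(p.group(2))

def check(text, modem_lease, modem_mask):
    """List problems, given the address/mask the PC got directly from the modem."""
    inside, start, end = parse_pix(text)
    outside = ipaddress.ip_interface(f"{modem_lease}/{modem_mask}").network
    problems = []
    # The modem's subnet must not overlap the PIX inside subnet.
    if outside.overlaps(inside):
        problems.append(f"outside {outside} overlaps inside {inside}")
    # The dhcpd pool must be an ordered range of host addresses on the inside subnet.
    if start > end or start not in inside or end not in inside:
        problems.append("dhcpd pool is not an ordered range within the inside subnet")
    elif start == inside.network_address or end == inside.broadcast_address:
        problems.append("dhcpd pool includes the network or broadcast address")
    return problems

if __name__ == "__main__":
    # Constructed sample leases: a private one from a routing modem,
    # and a public one (documentation range) from a bridged modem.
    for lease in ("192.168.1.64", "203.0.113.25"):
        print(lease, check(PIX_LINES, lease, "255.255.255.0") or "no overlap")
```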

loufed Mon, 02/05/2007 - 17:41

Hi. Thanks for the timely response. The IP address I am getting is a public IP address. I would be very interested in looking into setting up the PPPoE client but unfortunately there was no link. Could you repost or email me directly?

Thanks
