DHCP Relay Over IPSEC VPN between a PIX and VPN Concentrator

criitdept · ‎02-29-2008

Dear all,

I am having problems getting DHCP relay working at a remote site

At the Main site i have a Windows 2003 DHCP Server behind a VPN Concentrator 3005

At the remote site i have a Cico PIX 501.

The VPN is workings correctly and can ping from both ends.

Unfortunately no matter what config i put into the Pix i can't get it to relay to the clients.

the config i have tried on the clients is..

dhcprelay server 192.168.1.1 outside

dhcprelay enable inside

dhcprelay setroute inside

and

dhcprelay server Outside_IP outside

dhcprelay enable inside

dhcprelay setroute inside

and also have included tried both with the following lines in the access lists

access-list inside_nat0_outbound permit ip Outside_IP 255.255.255.255 192.168.1.0 255.255.255.0

access-list outside_cryptomap_10 permit ip Outside_IP 255.255.255.255 192.168.1.0 255.255.255.0

Can anyone help?

Thanks

James

brettmilborrow · ‎03-04-2008

Hi James,

Is there a VPN between the to sites?

criitdept · ‎03-17-2008

The VPN is working.

I have found a few articles and they have said that i need to setup a GRE VPN over ipsec to allow the dhcp broadcast, unfortunately this requires version 7 of the IOS on the PIX and as i only have a 501, this runs 6.3. so i'm now going to have to rethink my design.

Thanks for your help.

James

gerdpleyer · ‎06-28-2008

Any update on this?

I almost want to do the same - but doesn't work via vpn.

mathias.mahnke · ‎02-12-2009

We ran into the same issue. Didn't found any solution either. Any hints welcome.