dhcprelay with pptp for remote access

Unanswered Question
Aug 15th, 2008

I have a PIX-515 running v6.35 with remote VPN users connecting by pptp to the outside interface, so I use the "vpdn group" commands. For my users to get an ip address, this line does it:

vpdn group PPTP-VPDN-GROUP client configuration address local mypoolname

I would like to forward pptp remote access DHCP requests to an internal DHCP server with the following:

dhcprelay server x.x.x.x inside

dhcprelay enable outside

On page 8-20 of the PIX firewall and Config guide it says, "Through the PPP IPCP protocol negotiation, the firewall assigns a dynamic internal IP address to the PPTP client allocated from a locally defined IP address pool." It doesn't discuss the possibility of using dhcprelay with an internal DHCP server to obtain addresses for PPTP remote access users. Is this possible to do?

hadbou Thu, 08/21/2008 - 13:53

To enable the DHCP relay agent, use the dhcprelay enable command in global configuration mode. To disable DHCP relay agent, use the no form of this command. The DHCP relay agent allows DHCP requests to be forwarded from a specified security appliance interface to a specified DHCP server.

You cannot enable DHCP relay under the following conditions:

1) You cannot enable DHCP relay and the DHCP relay server on the same interface.

2) You cannot enable DHCP relay and a DHCP server (dhcpd enable) on the same interface.

3) You cannot enable DHCP relay in a context at the same time as the DHCP server.

4) For multiple context mode, you cannot enable DHCP relay on an interface that is used by more than one context (a shared VLAN).
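
As an added example (not part of the thread and not Cisco code), the first two restrictions above can be checked mechanically against a configuration before it is applied. The function names, the sample configs and the 192.0.2.10 server address are assumptions made for illustration; conditions 3 and 4 refer to contexts and are not checked here.

```python
# Added example: lint a PIX-style config for the first two dhcprelay
# restrictions listed above. Sample configs are constructed; 192.0.2.10 is a
# documentation address standing in for the internal DHCP server.
CONFIG_SPLIT = """\
dhcprelay server 192.0.2.10 inside
dhcprelay enable outside
"""
CONFIG_CLASH = """\
dhcprelay server 192.0.2.10 inside
dhcprelay enable inside
dhcpd enable inside
"""


def parse_roles(config):
    """Return the interfaces used by each DHCP-related command."""
    roles = {"relay_enable": set(), "relay_server": set(), "dhcpd_enable": set()}
    for raw in config.splitlines():
        tok = raw.split()
        # Lines in the 'no' form start with "no" and match none of the cases.
        if tok[:2] == ["dhcprelay", "enable"] and len(tok) == 3:
            roles["relay_enable"].add(tok[2])
        elif tok[:2] == ["dhcprelay", "server"] and len(tok) == 4:
            roles["relay_server"].add(tok[3])
        elif tok[:2] == ["dhcpd", "enable"] and len(tok) == 3:
            roles["dhcpd_enable"].add(tok[2])
    return roles


def check_dhcprelay(config):
    """Return (condition_number, interface, message) for each conflict."""
    roles = parse_roles(config)
    findings = []
    for ifc in sorted(roles["relay_enable"] & roles["relay_server"]):
        findings.append((1, ifc, "dhcprelay enable and dhcprelay server on same interface"))
    for ifc in sorted(roles["relay_enable"] & roles["dhcpd_enable"]):
        findings.append((2, ifc, "dhcprelay enable and dhcpd enable on same interface"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("split", CONFIG_SPLIT), ("clash", CONFIG_CLASH)):
        print(name, check_dhcprelay(cfg) or "no conflicts")
```

A clean result only means the listed interface restrictions are not violated; it does not show whether PPTP clients can obtain addresses through the relay.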

