Re: 2 PIX 501 Connected - One is a DHCP server, the other DHCP r

orebollido · ‎08-11-2003

Has anyone successfully configured 2 PIX 501s that are connected together? We're trying to use the 1st PIX as a DHCP server, and have the 2nd PIX connected to it and have it act as a relay agent. The problem we're having is the DHCP relay agent (2nd PIX) does not give it's clients an IP address from the DHCP server (1st PIX).

gfullage · ‎08-11-2003

I think you have a case open on this already, cause I just helped another TAC engineer with the exact same question.

From the dhcpd command reference for the PIX:

The dhcpd address command specifies the DHCP server address pool. The address pool of a PIX Firewall DHCP server must be within the same subnet of the PIX Firewall interface that is enabled. In other words, the client must be physically connected to the subnet of a PIX Firewall interface.

This means that the PIX DHCP server will only allocate addresses to clients that are physically connected on one of the PIX's own interfaces. You can't have another PIX relaying DHCP requests from a different subnet and expect to have the PIX give out an address for it, it doesn't work that way.

You'd be better off with a Windows DHCP server here, cause the PIX is not going to do what you want it to in this situation.

orebollido · ‎08-11-2003

Looks like static IP addresses is my only option here. Thanks for the input and yes I do have a case open with TAC. Thanks again.

orebollido · ‎08-11-2003

What about 2 DHCP servers as a solution? My goal is to have the 2nd PIX as a VPN client and have traffic pass through the 1st PIX on its way to the internet. I'm pretty sure there has to be some sort of communication between the 2 PIXs, what would the commands be for that?

2 PIX 501 Connected - One is a DHCP server, the other DHCP relay agent