I'm testing a VPN setup for a customer with dhcprelay but can't get dhcprelay through the tunnel. The VPN tunnel is between a PIX and a Linux box and works fine. When I configure my client with a static IP address everything goes through the tunnel and works well. Here's my PIX setup:
access-list 100 permit ip 192.168.120.0 255.255.255.0 192.168.231.0 255.255.255.0
Can you manually ping the server 192.168.231.150? If this is possible, then the DHCP relay packet should go through the tunnel. Check if the relay packet is stopped at the PIX side (by enabling debugging) and that there is a return path for the unicast lease offer packet.
Are you sure this is supposed to work through a tunnel?
I never used this command, but as I understand it, it's the outside interface that will forward the DHCP request. But traffic issued by your outside interface is not part of your tunnel. You may try to add this line to your crypto access-list:
access-list 100 permit ip host 192.168.251.161 192.168.231.0 255.255.255.0
This way traffic issued by your outside interface will be part of the tunnel.
A little bit like we do to reach a syslog server through a tunnel, except that here we want to reach a DHCP server.
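The crypto access-list suggestion above can be checked offline. The following is an added example, not part of the thread or of any Cisco tooling: it evaluates the two access-list lines quoted above against a statically addressed client and against a relayed DHCP request. It assumes, as the reply supposes, that the relayed request is sourced from the outside interface 192.168.251.161; the client address 192.168.120.10 and all function names are constructed for illustration.

```python
import ipaddress

def parse_crypto_acl(line):
    """Return (src_net, dst_net) for 'access-list N permit ip <src> <dst>'.
    Each side is 'host A.B.C.D' or 'A.B.C.D NETMASK' (netmasks, as on the page)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    nets, i = [], 4
    while i + 1 < len(tok):
        if tok[i] == "host":
            nets.append(ipaddress.ip_network(tok[i + 1] + "/32"))
        else:
            nets.append(ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"))
        i += 2
    if len(nets) != 2 or i != len(tok):
        raise ValueError(f"expected one source and one destination in: {line!r}")
    return nets[0], nets[1]

def is_interesting(acl_lines, src, dst):
    """True if a packet src -> dst matches a crypto ACL entry, i.e. gets encrypted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in map(parse_crypto_acl, acl_lines))

# ACL lines copied from the thread.
ORIGINAL = ["access-list 100 permit ip 192.168.120.0 255.255.255.0 "
            "192.168.231.0 255.255.255.0"]
PROPOSED = ORIGINAL + ["access-list 100 permit ip host 192.168.251.161 "
                       "192.168.231.0 255.255.255.0"]

CLIENT = "192.168.120.10"        # constructed: a statically addressed inside client
RELAY_SRC = "192.168.251.161"    # assumed source of relayed requests (outside interface)
DHCP_SERVER = "192.168.231.150"  # server address mentioned in the first reply

def report():
    """Rows of (acl name, traffic label, matched) for both ACL variants."""
    rows = []
    for name, acl in (("original", ORIGINAL), ("proposed", PROPOSED)):
        for label, src in (("static client", CLIENT), ("relayed DHCP", RELAY_SRC)):
            rows.append((name, label, is_interesting(acl, src, DHCP_SERVER)))
    return rows

if __name__ == "__main__":
    for name, label, hit in report():
        print(f"{name:9} {label:14} -> {'tunnel' if hit else 'NOT in tunnel'}")
```

For the return path raised in the first reply, the Linux peer needs the mirrored selector (192.168.231.0/24 to 192.168.251.161) so that the server's unicast answer to the relay is also encrypted.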