I've run into an odd problem on my PIX's (tested on 501's and 506e's). I have a fairly large network of VPN offices that have PIX 501's (all running 6.2(2)) setup as DHCP servers. I've noticed that my office's Neoware and Viewpoint Thin Client's can't obtain an address from the PIX. A few different type's of Thin Clients and all standard PC's don't run into any problems though.
Before I upgraded the offices to VPN, all of the machines on the network were receiving their IP Address via DHCP without a problem, by using the ip helper-address statement on the routers I had deployed.
Since the switch over to VPN and using the PIX's, I've been forced to setup a large number of these machines to use static IP Addresses, which just adds more complexity.
Has anyone here run into similar problems with the DHCPD service on their PIX's?
I would suggest you open a TAC case on this. If you can get a Sniffer trace of what the Neoware and/or Viewpoint clients and the PIX send back and forth and attach it to the case that'd be great. It sounds like a bug but without further information it's hard to pinpoint.
Also, the PIX will support DHCP forwarding in 6.3 code, although that won't be released for a while yet so we'll need to get this problem sorted out for you.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...