Just had a question regarding PIX DHCP server capabilities. I didn't realize that the PIX even had it first of all.
Can someone tell me if PIX (525) can serve addresses to a specific VLAN? I have a small "corporate" VLAN set up in our 4006 that will need DHCP as well as about 10 others that won't need DHCP. Maybe the layer 3 portion of the 4006 can do this...?? I will look, but for now... I know that best practice is to just put a DHCP server on the VLAN somewhere but for the interim and for future knowledge it would be helpful to know if either of these devices can perform this function.
If I understand well, you are trying to use your PIX 525 as a DHCP server. I believe you can do this. You can enable the DHCP daemon on the inside interface of your PIX and it can serve clients with IP. At least that is what the documentation on CCO says. You just have to make sure that the VLAN is physically connected to the inside interface. Here is the link that might help you.
You are correct in your assumption. I wasn't really sure whether or not I needed to PHYSICALLY connect the VLAN since you can configure quite a bit with the individual NW's that the PIX talks to. I thought maybe you could tell the PIX to assign DHCP addresses to all the hosts on a specific NW that the PIX knows about. Well thanks anyway, it was worth a shot. :)
The PIX would be able to assign IPs to hosts that are on the same VLAN as the firewall's inside interface. If all the devices that need to be serviced through DHCP are in the same VLAN, you can use the PIX DHCP functionality. All those hosts would share the same IP subnet with the inside intf of the PIX. If you have other VLANs that need DHCP too, you cannot use the PIX for those.
That makes a lot of sense now. I have 4 additional interfaces on the PIX for the capability of multiple DMZs if needed as well as for a bit of port redundancy (just in case... heh heh). So, if I use any of those for DHCP to VLAN hosts, it sounds like it will work the way you stated. Make sense??