The dhcprelay function in PIX OS relays DHCP broadcasts to a specified DHCP server. If the DHCP server is located on a network on the other side of a VPN tunnel, of which one side is terminated at the same PIX, the PIX sends the DHCP relayed messages using its outside IP address as the source in the generated packets.
Is there a way to tell the DHCP relay process to use another IP address as the source in its packets? Using the outside address of the PIX causes routing issues in the network on the other side of the tunnel. All of a sudden the DHCP server gets requests originating from public IP addresses; they are tunneled (secure), but we'd rather not have routes with public IP addresses in our routing tables. These routes are necessary in order to get the DHCP server responses back to the DHCP relay agent via the correct link.