I'm having a big problem getting dhcp relay to work with PIX 7.
2 x PIX 515s (7.0) with a VPN tunnel connecting PIX A and PIX B. PIX A has 5 interfaces and the VPN tunnel terminates on its inside interface. PIX B has only 2 interfaces and the VPN tunnel terminates on its outside interface.
The tunnel works fine in all respects but dhcp. PIX B has the client terminals attached to its inside interface. The config for PIX B is as follows:
dhcprelay server 10.222.223.130 outside
dhcprelay enable inside
dhcprelay setroute inside
dhcprelay timeout 60
PIX A receives the request on its inside interface. The dhcp server sits on a lower security interface, and there is a static mapping of the relevant subnets between the inside and server interfaces.
An acl permits all traffic from the server interface (PIX A) back to the client subnet on PIX B.
Yet a packet trace of PIX B shows the dhcp request leaving but not returning.
A trace of PIX A shows the request coming in AND being responded to by the server on its server interface but then the packet vanishes, i.e. no sign of it entering the tunnel back toward PIX B.
I'm finding this hard to analyse as in terms of IP connectivity everything but dhcp works as it should do. Am I missing some dhcprelay config on PIX A?
Any ideas gratefully received. This problem has dragged on for weeks now.
We ran into this same issue about a year ago. I found part of an e-mail conversation with our SE but I wasn't able to find a bug number that referenced the problem. We ended up using a 2500 router to provide DHCP.
Even with using the relay agent options on the PIX, DHCP addresses aren't able to be served through the WLC to the wireless clients. I'll look to see if I can find a few more details or documentation on the problem.
Sorry, I assumed you were using a WLC. I know that the virtual interface on the WLC won't work with a 501 PIX to serve DHCP (even with relay set up properly). We watched as the PIX kept dropping the DHCP request packets from the WLC.