I have a PIX-515 running v6.35 with remote VPN users connecting by pptp to the outside interface, so I use the "vpdn group" commands. For my users to get an ip address, this line does it:
vpdn group PPTP-VPDN-GROUP client configuration address local mypoolname
I would like to forward pptp remote access DHCP requests to an internal DHCP server with the following:
dhcprelay server x.x.x.x inside
dhcprelay enable outside
On page 8-20 of the PIX firewall and Config guide it says,"Through the PPP IPCP protocol negotiation, the firewall assigns a dynamic internal IP address to the PPTP client allocated from a locally defined IP address pool." It doesn't discuss the possibility of using dhcprelay with an internal dhcp server to obtain addresses for pptp remote access users. Is this possible to do?
To enable the DHCP relay agent, use the dhcprelay enable command in global configuration mode. To disable DHCP relay agent, use the no form of this command. The DHCP relay agent allows DHCP requests to be forwarded from a specified security appliance interface to a specified DHCP server.
You cannot enable DHCP relay under the following conditions:
1)You cannot enable DHCP relay and the DHCP relay server on the same interface.
2)You cannot enable DCHP relay and a DHCP server (dhcpd enable) on the same interface.
3)You cannot enable DHCP relay in a context at the same time as the DHCP server.
4)For multiple context mode, you cannot enable DHCP relay on an interface that is used by more than one context (a shared VLAN).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...