RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC

From: Scot Kreienkamp (Scot_at_pc-sos.net)
Date: 10/22/03

  • Next message: Sloane, David: "RE: [fw-wiz] (no subject)"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 22 Oct 2003 13:24:40 -0400
    
    

    Sorry for the duplicate, hit send accidentally.

    I'm reading the list on the archives, so somebody may have already
    pointed this out.

    From
    http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configura
    tion_guide_chapter09186a0080172790.html#1076424

    PIX Firewall Version 6.3 provides support for DHCP relay. The DHCP relay
    agent provided helps dynamically assign IP addresses to hosts on the
    inside interfaces of the PIX Firewall. When the DHCP relay agent
    receives a request from a host on an inside interface, it forwards the
    request to one of the specified DHCP servers on an outside interface.

    If that's the case then could I forward the DHCP requests across the
    IPSEC tunnel?

    Scot Kreienkamp
    Scot@PC-SOS.net
    Phone: 419-872-2500
    Fax: 419-831-8500
     

    -----Original Message-----
    From: Wes Noonan [mailto:mailinglists@wjnconsulting.com]
    Sent: Wednesday, October 22, 2003 12:15 PM
    To: Scot W. Kreienkamp; firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC

    I don't believe that the PIX can pass DHCP/bootp, but don't hold me to
    that (never tried it). The remote PIX could be configured to be a DHCP
    server that you can manage however, and TFTP would easily pass through
    the VPN tunnel so that might be another option to address your needs.

    HTH and good luck.

    Wes

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards- admin@honor.icsalabs.com] On Behalf Of Scot
    > Kreienkamp
    > Sent: Wednesday, October 22, 2003 09:59
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] Cisco PIX DHCP relay via IPSEC
    >
    > Hi all,
    >
    > I'm looking at using two PIX's to do site to site IPSEC via the
    > internet. Because I don't control all the devices at the remote end
    > one of my requirements is that I be able to do DHCP/Bootp and TFTP
    > from the remote end to the head end via the IPSEC VPN. Does anyone
    > know if the PIX will be able to do this?
    >
    > If anyone has a better product in mind that can accomplish this please
    > let me know, I'm not stuck on the PIX but I do need a workable
    > solution within the next few days. Please don't say linux, I've
    > already been turned down there. :)
    >
    > Thanks!
    >
    > Scot Kreienkamp
    > Scot@PC-SOS.net
    >
    >
    > _______________________________________________
    > firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    Scot Kreienkamp
    Scot@PC-SOS.net
    Phone: 419-872-2500
    Fax: 419-831-8500
     

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Sloane, David: "RE: [fw-wiz] (no subject)"