RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC

From: Scot Kreienkamp (Scot_at_pc-sos.net)
Date: 10/22/03

    To: <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 22 Oct 2003 13:24:40 -0400
    
    

    Sorry for the duplicate, hit send accidentally.

    I'm reading the list on the archives, so somebody may have already
    pointed this out.

    From
    http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172790.html#1076424

    PIX Firewall Version 6.3 provides support for DHCP relay. The DHCP relay
    agent provided helps dynamically assign IP addresses to hosts on the
    inside interfaces of the PIX Firewall. When the DHCP relay agent
    receives a request from a host on an inside interface, it forwards the
    request to one of the specified DHCP servers on an outside interface.

    If that's the case then could I forward the DHCP requests across the
    IPSEC tunnel?

    Scot Kreienkamp
    Scot@PC-SOS.net
    Phone: 419-872-2500
    Fax: 419-831-8500
     

    -----Original Message-----
    From: Wes Noonan [mailto:mailinglists@wjnconsulting.com]
    Sent: Wednesday, October 22, 2003 12:15 PM
    To: Scot W. Kreienkamp; firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC

    I don't believe that the PIX can pass DHCP/bootp, but don't hold me to
    that (never tried it). The remote PIX could be configured to be a DHCP
    server that you can manage however, and TFTP would easily pass through
    the VPN tunnel so that might be another option to address your needs.

    HTH and good luck.

    Wes

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Scot
    > Kreienkamp
    > Sent: Wednesday, October 22, 2003 09:59
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] Cisco PIX DHCP relay via IPSEC
    >
    > Hi all,
    >
    > I'm looking at using two PIX's to do site to site IPSEC via the
    > internet. Because I don't control all the devices at the remote end
    > one of my requirements is that I be able to do DHCP/Bootp and TFTP
    > from the remote end to the head end via the IPSEC VPN. Does anyone
    > know if the PIX will be able to do this?
    >
    > If anyone has a better product in mind that can accomplish this please
    > let me know, I'm not stuck on the PIX but I do need a workable
    > solution within the next few days. Please don't say linux, I've
    > already been turned down there. :)
    >
    > Thanks!
    >
    > Scot Kreienkamp
    > Scot@PC-SOS.net
    >
    >
    > _______________________________________________
    > firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
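
What the relay agent described in the quoted Cisco text does to a client's broadcast, as an added example that is not part of the original messages and is not Cisco's code: RFC 1542 relay processing in Python. It shows that the relayed request is an ordinary unicast to the server and that the server's reply is addressed to `giaddr`, so in the setup asked about here both directions would have to be carried by the tunnel. The function names and all addresses (10.1.0.10 as the head-end DHCP server, 10.2.0.1 as the remote inside interface) are constructed assumptions.

```python
import ipaddress
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
FIXED_LEN = 236                   # BOOTP fixed header length (RFC 951)
HOPS_OFF, GIADDR_OFF = 3, 24      # byte offsets of 'hops' and 'giaddr'
MAGIC = bytes([99, 130, 83, 99])  # DHCP options magic cookie


def build_discover(xid, mac):
    """Constructed sample: a minimal DHCPDISCOVER as a client broadcasts it."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                      b"", b"", b"", b"", mac, b"", b"")
    return hdr + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, end


def relay_request(pkt, recv_if_ip, server_ip, max_hops=4):
    """Apply RFC 1542 relay processing to a client broadcast.

    Returns (dst_ip, dst_port, packet) for the unicast copy, or None to drop.
    """
    if len(pkt) < FIXED_LEN or pkt[0] != BOOTREQUEST:
        return None
    if pkt[HOPS_OFF] > max_hops:  # loop protection
        return None
    out = bytearray(pkt)
    if out[GIADDR_OFF:GIADDR_OFF + 4] == b"\x00" * 4:
        # First relay stamps the address of the interface that heard the client.
        out[GIADDR_OFF:GIADDR_OFF + 4] = ipaddress.IPv4Address(recv_if_ip).packed
    out[HOPS_OFF] = pkt[HOPS_OFF] + 1
    return server_ip, 67, bytes(out)


def reply_destination(relayed_pkt):
    """Where the server sends its answer: giaddr, UDP port 67 (RFC 2131)."""
    giaddr = relayed_pkt[GIADDR_OFF:GIADDR_OFF + 4]
    return str(ipaddress.IPv4Address(giaddr)), 67


if __name__ == "__main__":
    discover = build_discover(0x1234ABCD, bytes.fromhex("02005e000001"))
    dst, port, relayed = relay_request(discover, "10.2.0.1", "10.1.0.10")
    print("to server:", dst, port, "reply goes to:", reply_destination(relayed))
```

Whether a particular firewall sends this unicast through its IPsec tunnel is product-specific and is not modelled here.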

