RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC

From: Perrymon, Josh L. (PerrymonJ_at_bek.com)
Date: 10/29/03

    To: "'mailinglists@wjnconsulting.com'" <mailinglists@wjnconsulting.com>, 'Scot Kreienkamp' <Scot@pc-sos.net>, firewall-wizards@honor.icsalabs.com
    Date: Wed, 29 Oct 2003 16:23:15 -0600
    
    

    Not sure why you don't do DHCP from the remote end unless you don't control
    it...
    It will be hard to get DHCP over the IPSEC unless you use GRE tunnels to
    forward broadcasts..

    So basically, the DHCP broadcast needs to get tunneled over IPSEC with GRE
    to the main site.

    But I would try to do it on the remote end. I have lots of PIXes doing it
    and it works great...
    With a small exception of leases not releasing sometimes so I like to change
    that value.

    -JP

    -----Original Message-----
    From: Wes Noonan [mailto:mailinglists@wjnconsulting.com]
    Sent: Wednesday, October 22, 2003 11:15 AM
    To: 'Scot Kreienkamp'; firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC

    I don't believe that the PIX can pass DHCP/bootp, but don't hold me to that
    (never tried it). The remote PIX could be configured to be a DHCP server
    that you can manage, however, and TFTP would easily pass through the VPN
    tunnel so that might be another option to address your needs.

    HTH and good luck.

    Wes

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com [mailto:firewall-wizards-
    > admin@honor.icsalabs.com] On Behalf Of Scot Kreienkamp
    > Sent: Wednesday, October 22, 2003 09:59
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] Cisco PIX DHCP relay via IPSEC
    >
    > Hi all,
    >
    > I'm looking at using two PIXes to do site to site IPSEC via the
    > internet. Because I don't control all the devices at the remote end one
    > of my requirements is that I be able to do DHCP/Bootp and TFTP from the
    > remote end to the head end via the IPSEC VPN. Does anyone know if the
    > PIX will be able to do this?
    >
    > If anyone has a better product in mind that can accomplish this please
    > let me know, I'm not stuck on the PIX but I do need a workable solution
    > within the next few days. Please don't say Linux, I've already been
    > turned down there. :)
    >
    > Thanks!
    >
    > Scot Kreienkamp
    > Scot@PC-SOS.net
    >
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


