RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC

From: Scot Kreienkamp (Scot_at_pc-sos.net)
Date: 10/30/03

    To: "'Perrymon, Josh L.'" <PerrymonJ@bek.com>
    Date: Thu, 30 Oct 2003 08:17:25 -0500
    
    

    As I said, I do not control everything at the remote end. There is a
    piece of hardware at the remote end that needs bootp/tftp and dhcp from
    a specific server at the head end, and there's nothing I can do to
    change that. If it weren't for that I would just do dhcp from the PIX.
    The only other alternative is a leased line with routers that are
    configured with the dhcp helper option. Rather costly for a medium
    sized business to get a leased line from Michigan to Florida.

    From what I've heard so far from the list it should work. I've gone
    ahead and submitted my idea, if I get to try it I'll send a follow-up to
    the list. Thanks for all your comments!

    Scot Kreienkamp
    Scot@PC-SOS.net
    Phone: 419-872-2500
    Fax: 419-831-8500
     

    -----Original Message-----
    From: Perrymon, Josh L. [mailto:PerrymonJ@bek.com]
    Sent: Wednesday, October 29, 2003 5:23 PM
    To: 'mailinglists@wjnconsulting.com'; Scot W. Kreienkamp;
    firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC

    Not sure why you don't do DHCP from the remote end unless you don't
    control it... It will be hard to get DHCP over the IPSEC unless you use
    GRE tunnels to forward broadcasts..

    So basically, the DHCP broadcast needs to get tunneled over IPSEC with
    GRE to the main site.

    But, I would try to do it on the remote end. I have lots of pixes doing
    it and it works great... With a small exception of leases not releasing
    sometimes so I like to change that value.

    -JP

    -----Original Message-----
    From: Wes Noonan [mailto:mailinglists@wjnconsulting.com]
    Sent: Wednesday, October 22, 2003 11:15 AM
    To: 'Scot Kreienkamp'; firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC

    I don't believe that the PIX can pass DHCP/bootp, but don't hold me to
    that (never tried it). The remote PIX could be configured to be a DHCP
    server that you can manage however, and TFTP would easily pass through
    the VPN tunnel so that might be another option to address your needs.

    HTH and good luck.

    Wes

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Scot
    > Kreienkamp
    > Sent: Wednesday, October 22, 2003 09:59
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] Cisco PIX DHCP relay via IPSEC
    >
    > Hi all,
    >
    > I'm looking at using two PIX's to do site to site IPSEC via the
    > internet. Because I don't control all the devices at the remote end
    > one of my requirements is that I be able to do DHCP/Bootp and TFTP
    > from the remote end to the head end via the IPSEC VPN. Does anyone
    > know if the PIX will be able to do this?
    >
    > If anyone has a better product in mind that can accomplish this please
    > let me know, I'm not stuck on the PIX but I do need a workable
    > solution within the next few days. Please don't say linux, I've
    > already been turned down there. :)
    >
    > Thanks!
    >
    > Scot Kreienkamp
    > Scot@PC-SOS.net
    >
    >
    > _______________________________________________
    > firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
