topic Re: DHCP passing through PIX (FWSM) in Network Security

DHCP passing through PIX (FWSM)

p.danielsen — Mon, 11 Mar 2019 09:28:33 GMT

Hi,

Any one tried to configure a PIX firewall to proxy DHCP request through.

I have a Central DHCP Server, and I want to use it for our clients placed on a other network, the only connection between the to networks a trough a PIX firewall.

Illustrated.

DHCP Server <-> MPLS <-> PIX <-> MPLS <-> DHCP Clients

Best Regards

Peter

Re: DHCP passing through PIX (FWSM)

sachinraja — Sun, 04 Feb 2007 00:46:31 GMT

Hello peter,

I'm really not sure if anyone would have even attempted such scenario !!!! DHCP requests are basically broadcasts which work well on a single subnet.. if you have multiple subnets on the LAN, you can obviously use the "helper addresss" to transport it to the other subnets.. But with your case, there is a PIX, WAN etc which will not transport this broadcast !!!

Have a local DHCP server.. you also have a lot of switch/router which supports DHCP.. you can configure any local switch or router as a DHCP server and finish it off !!!

Hope this helps.. all the best..

Raj

Re: DHCP passing through PIX (FWSM)

p.danielsen — Sun, 04 Feb 2007 06:57:11 GMT

Hi Raj,

My plan was to use ip-helper on all client interfaces, But ...

So the real question is, has anyone tryed the senario, when Client networks are placed on on side of a PIX Firewall, and servers are placed on anoter side,

There is no servers/clients connected directly on the same subnet as the pix, there for ip-helper would be used on client interfaces, ip-helper will point to the central DHCP Server, only issue ? there is a PIX ind the middel ?

I know is?t posible to use the local DHCP server, om Switchs/Routers, but for this task i need it to be the central DHCP server ..

Best Regards

Peter

Re: DHCP passing through PIX (FWSM)

sachinraja — Sun, 04 Feb 2007 22:42:40 GMT

Hello Peter,

If you want to pass DHCP requests through a PIX firewall, you need to configure DHCP relay on the PIX... this is the only way you can do it.. you can refer to the following DOC for this:

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008075fcfb.shtml

Are there any access-list on the inside of your PIX ?? If so, you might need to allow DHCP Ports (UDP 67, 547/546 UDP) to pass through !!!

You can have a look at all the known port numbers here:

http://www.iana.org/assignments/port-numbers

Hope this helps.. all the best. rate replies if found useful..

Raj

Re: DHCP passing through PIX (FWSM)

Communications — Tue, 13 Mar 2007 17:45:40 GMT

I am also trying to pass DHCP packets across a PIX, I configured DHCP relay and clients directly connected to the PIX received DHCP addresses but clients the other side of a router are not getting addresses I have allowed 67,68 through the PIX but not 547/546 we are using IP v4. Using Debug on the Router I can see encapuslation errors the client interface has encapsulation 802.1Q with Sub interfaces and a ip helper address but the other interface connected to the PIX does not have 802.1Q encapsulation.

Any Help gratefully received.

Mike