https://community.cisco.com/t5/network-security/pxe-boot-on-inside-interface/m-p/1877077#M490050 <HTML><HEAD></HEAD><BODY><P>Hi Mike,</P><P></P><P>the three shows give emtpy respond, NAT is not enabled cause of using public ip addresses.</P><P>The version of FWSM software is 4.1(7) and runs in routed mode, multi context.</P><P></P><P>Thanks,</P><P>Juergen</P></BODY></HTML> Tue, 27 Dec 2011 16:50:02 GMT juergen.stader 2011-12-27T16:50:02Z https://community.cisco.com/t5/network-security/pxe-boot-on-inside-interface/m-p/1877075#M490028 <P>Hi,</P><P></P><P>i have difficulties to get PXE-Boot working in following scenario:</P><P></P><P>Client is in Subnet 1 behind the FWSM (inside interface).</P><P>Server is in Subnet 2 behind the FWSM (inside interface).</P><P></P><P>Both, client and server have public IP-addresses, so no NAT is needed.</P><P>DHCP Relay is configured (pxe-server as interface servers, trusted=yes), Relay agent ist anabled, set route is disabled.</P><P></P><P>In the real-time log i get this error:</P><P>portmap translation creation failed for udp src server:PXE-Server/62510 dst subnet1:IP/67</P><P></P><P>(IP in this case is the address of the FWSM interface on subnet 1, not the address from the client).</P><P></P><P>Any suggestions?</P><P></P><P>Thanks.</P> Mon, 11 Mar 2019 22:06:54 GMT https://community.cisco.com/t5/network-security/pxe-boot-on-inside-interface/m-p/1877075#M490028 juergen.stader 2019-03-11T22:06:54Z https://community.cisco.com/t5/network-security/pxe-boot-on-inside-interface/m-p/1877076#M490030 <HTML><HEAD></HEAD><BODY><P>Hi Juergen,</P><P></P><P>The syslog you see is for the DHCP response from the server back to the GIADDR IP (i.e. the FWSM) for use in DHCP relay. This is the expected behavior per RFC 2131:</P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>"If the 'giaddr' field in a DHCP message from a client is non-zero, the</P><P>server sends any return messages to the 'DHCP server' port on the BOOTP</P><P>relay agent whose address appears in 'giaddr'."</P></PRE><P></P><P>Check the output of 'show run nat', 'show run global', and 'show run static' and make sure you don't have any rules that would overlap with this traffic. Also, let us know what version of FWSM software you're running and whether this is in routed or transparent mode.</P><P></P><P>-Mike</P></BODY></HTML> Tue, 27 Dec 2011 16:25:53 GMT https://community.cisco.com/t5/network-security/pxe-boot-on-inside-interface/m-p/1877076#M490030 mirober2 2011-12-27T16:25:53Z https://community.cisco.com/t5/network-security/pxe-boot-on-inside-interface/m-p/1877077#M490050 <HTML><HEAD></HEAD><BODY><P>Hi Mike,</P><P></P><P>the three shows give emtpy respond, NAT is not enabled cause of using public ip addresses.</P><P>The version of FWSM software is 4.1(7) and runs in routed mode, multi context.</P><P></P><P>Thanks,</P><P>Juergen</P></BODY></HTML> Tue, 27 Dec 2011 16:50:02 GMT https://community.cisco.com/t5/network-security/pxe-boot-on-inside-interface/m-p/1877077#M490050 juergen.stader 2011-12-27T16:50:02Z