Allowing Directed Broadcast through PIX 515

seetharaman-a
Level 1

Hi,

I would like to know whether we will be able to configure IP directed broadcast, or helper address, in PIX.

The scenario is something like this.

There are two networks connected through the internet. At one location we have a PIX 515 (PIX version 6.2) and at the other location we have a uBR router (IOS 12.2), and an IPSEC tunnel is formed between the router and the PIX. The router's LAN network is 10.100.0.0 and the PIX inside network is 192.168.0.0.

I want to configure the PIX and the router in such a way that if a directed broadcast is transmitted from the network 192.168.0.0 (i.e., 192.168.255.255), it has to reach the other end network (i.e., 10.100.0.0) through the tunnel.

Hope someone can help me.

Regards,

Raman.

gfullage
Cisco Employee

Can't say I've ever tested this, but I don't see why it wouldn't just work, assuming your crypto access-lists allow it to be encrypted. Why would there be a packet sourced from a broadcast address, going to a broadcast address anyway? That doesn't make sense.

I would think if your crypto ACL on the PIX has:

> access-list encrypt permit ip 192.168.0.0 255.255.0.0 10.100.0.0 255.255.0.0

then any packet matching that should be encrypted. Your uBR ACL will have to be the opposite of that, but it should work.

Thanks for the reply.

Tried this, but it didn't work for me.

Similar to the IP helper address which we used to configure in routers, is there any command that can be configured in the PIX, so that the broadcast in the LAN (192.168.255.255) will be sent to the 10.100.0.0 network?

Regards,

Seetharaman.

No, not in the PIX. DHCP relaying is coming in version 6.3, but I think this may just forward DHCP broadcast traffic, not any traffic.

When you send this traffic, do you see the encrypts/decrypts increment in the "sho cry ipsec sa" command output?

Hi Glenn,

Any idea when we will be seeing version 6.3?

Thanks
