DHCPRelay on PIX

gsebk · ‎04-29-2004

Hi,

I have configured on PIX the DHCPRelay function. See the attached config. The PIX uses a VPN tunnel to the remote site 192.168.18.0/24 on which there is a DHCP server. The PCs behind the local PIX are DHCP clients. I have tried the config in our test lab and it worked fine. After deploying the same type of PIX to the customer with the same 6.3(3) OS I am facing with the following problem: the DHCP client (PC directly attached to the PIX501 switch modul) do not receives any address from the PIX. If I debug the pix with the following commands:

debug dhcprelay event

debug dhcprelay error

debug dhcprelay packet

no log information can be seen when the DHCP client asks for a dinamic address. If I use the

debug packet inside

command, the dhcp broadcast can be seen on the wire. When I tested the config in our lab I could catch logs from the debug dhcprelay commands.

I have found a bug in the bug tool (CSCea64707) which says that i OS 6.3 there is a DHCPRelay bug when it is used together with the

management-interface inside

command but this bug was fixed in 6.3(2).

What can be the problem?

ehirsel · ‎04-29-2004

How did you test in your lab? Did you use the pppoe connection to the same destination network? Can you post the config that worked?

m.rainer · ‎04-30-2004

Hallo,

The problem with the dhcprelay is sending its packets with the source ip address of the outside interface of the pix. So you have to tunnel the outside ip address of the pix intoipsec too! I tried that configuration and it worked really fine.

It's nothing about the bug!

Best regards markus