Solved: Re: pix 515E netbios broadcast between interfaces and ip address

pixnewb11 · ‎10-25-2008

1) If the ACL between the 2 interfaces is "permit all", does it allow the broadcasts (like netbios) to be relayed to the other interface?

2) And does 515E have an ip address helper? I don't see any commands relating to ip address helper when I do "?".

The version of the pix is:

Cisco PIX Firewall Version 6.1(4)

Thank you

Jon Marshall · ‎10-30-2008

1) Pix firewalls running 6.x code will not forward broadcasts across it's interfaces.

2) Pix firewalls do have a DHCP relay function which is essentially the same as ip-helper but this was introduced in version 6.3 so it won't be available in 6.1(4) -

http://www.cisco.com/en/US/docs/security/pix/pix63/release/notes/pixrn632.html#wp67758

Jon

View solution in original post

pixnewb11 · ‎10-25-2008

So for 1), is it possible to allow broadcasts to be forwarded between its interfaces?

Thanks

Jon Marshall · ‎10-30-2008

No it's not and here is a link which happens to cover netbios and pix v6.1 software. Note this excerpt

"Because the PIX blocks broadcasts (this cannot be changed), name resolution will fail. This eventually results in the above error message."

Full link -

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00801ab781.shtml

Jon

pixnewb11 · ‎10-30-2008

Ok, thanks

Jon Marshall · ‎10-30-2008

1) Pix firewalls running 6.x code will not forward broadcasts across it's interfaces.

2) Pix firewalls do have a DHCP relay function which is essentially the same as ip-helper but this was introduced in version 6.3 so it won't be available in 6.1(4) -

http://www.cisco.com/en/US/docs/security/pix/pix63/release/notes/pixrn632.html#wp67758

Jon

pix 515E netbios broadcast between interfaces and ip address helper