I have been doing some reading. I will set up a DHCP server on the inside interface of my PIX. I would like to have the DHCP Server authenticate to the Active Directory Server that is located on the DMZ.
Win 2008 DHCP
Active Directory Server
What would be the issues that I could run into when I try to authenticate this server from the inside interface to the DMZ? I see that the dhcprelay option is available on the PIX 6.3.
I'm guessing this is the only command that I need to use: dhcprelay enable dmz
Basically, if you have a NAT translation from inside to DMZ, and the inside has a higher security level, you won't have any issues authenticating the Active Directory. I am not sure how this traffic will flow, but if it is just one connection from the DHCP server to the AD, I don't see where it could go wrong.
Another thing: DHCP relay would only work if you want to forward DHCP requests made from the DMZ to the server located on the inside. However, you may need a little bit more config than just enabling the relay on the interface. Take a look at this:
Use the following command to enable the DHCP relay agent:
[no] dhcprelay enable interface
Replace interface with the name of the interface connected to the DHCP clients.
Use the following command to configure a DHCP server address for the relay agent:
[no] dhcprelay server dhcp_server_ip server_ifc
Replace dhcp_server_ip with the IP address of the DHCP server. Replace server_ifc with the interface connected to the DHCP server. You can use this command to identify up to four servers.
By default, the default gateway used by the DHCP server is configured on the DHCP server. To specify the default gateway to be used by the DHCP server in the PIX Firewall configuration, enter the following command: