Re: PXE Boot on inside interface

juergen.stader · ‎12-27-2011

Hi,

i have difficulties to get PXE-Boot working in following scenario:

Client is in Subnet 1 behind the FWSM (inside interface).

Server is in Subnet 2 behind the FWSM (inside interface).

Both, client and server have public IP-addresses, so no NAT is needed.

DHCP Relay is configured (pxe-server as interface servers, trusted=yes), Relay agent ist anabled, set route is disabled.

In the real-time log i get this error:

portmap translation creation failed for udp src server:PXE-Server/62510 dst subnet1:IP/67

(IP in this case is the address of the FWSM interface on subnet 1, not the address from the client).

Any suggestions?

Thanks.

mirober2 · ‎12-27-2011

Hi Juergen,

The syslog you see is for the DHCP response from the server back to the GIADDR IP (i.e. the FWSM) for use in DHCP relay. This is the expected behavior per RFC 2131:

"If the 'giaddr' field in a DHCP message from a client is non-zero, the
server sends any return messages to the 'DHCP server' port on the BOOTP
relay agent whose address appears in 'giaddr'."

Check the output of 'show run nat', 'show run global', and 'show run static' and make sure you don't have any rules that would overlap with this traffic. Also, let us know what version of FWSM software you're running and whether this is in routed or transparent mode.

-Mike

juergen.stader · ‎12-27-2011

Hi Mike,

the three shows give emtpy respond, NAT is not enabled cause of using public ip addresses.

The version of FWSM software is 4.1(7) and runs in routed mode, multi context.

Thanks,

Juergen