Configuring DHCP relay through a site-to-site VPN on a PIX

skycam
Level 1

I'm trying to configure DHCP relay between two PIX with a site-to-site VPN, without any success. I've tried with the following commands on the remote PIX:

dhcprelay server 172.30.xx.xx outside

dhcprelay setroute inside

dhcprelay enable inside

The remote net has IP range 172.16.x.x.

The net where the DHCP server is installed is 172.30.xx.xx.

Here is the config on the remote PIX; the OS version is 6.3.3:

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname xxxx

domain-name xxxxx

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list 100 permit icmp any any echo-reply

access-list 100 permit icmp any any time-exceeded

access-list 100 permit icmp any any unreachable

access-list 101 permit ip 172.16.xx.0 255.255.255.0 172.30.xx.0 255.255.252.0

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside 193.216.yyy.yyy 255.255.255.252

ip address inside 172.16.xx.1 255.255.255.0

ip verify reverse-path interface inside

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-group 100 in interface outside

route outside 0.0.0.0 0.0.0.0 193.216.zzz.zzz 1

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set Avd-kontor esp-des esp-md5-hmac

crypto map Avd 20 ipsec-isakmp

crypto map Avd 20 match address 101

crypto map Avd 20 set peer 193.216.yyy.yyy

crypto map Avd 20 set transform-set Avd-kontor

crypto map Avd interface outside

isakmp enable outside

isakmp key * address 193.216.y.y netmask 255.255.255.255

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

dhcprelay server 172.30.xx.111 outside

dhcprelay setroute inside

dhcprelay enable inside

Anything I'm missing or need to consider?

Regards,

Alex Johnsen

2 Replies

mostiguy
Level 6

What does "show dhcprelay stat" show?

Try debug dhcprelay; maybe it will kick back something interesting.

I've tried that and it says nothing.