11-01-2005 09:26 AM - edited 02-21-2020 02:04 PM
I have two sites configured for EASY VPN - Network Extension mode. The Main Site is server config and the remote site has the remote config. I am having a problem trying to get DHCP relay requests from my server site to my remote site. When I configure a user with a static IP, I can ping the DCHP server at the main site. The DCHP requests appear to be going out but nothing comes back. Any thoughts?
11-01-2005 10:17 AM
Kathy
A few specifics might help us find answers. How is the remote configured to send DHCP to the server? How is the main site configured to talk to the remote? In particular are there any access lists protecting traffic and how does the main site define interesting traffic to send through the VPN to the remote?
HTH
Rick
11-01-2005 11:15 AM
11-02-2005 09:25 AM
Kathy
EasyVPN with PIX is something I do not have much experience with. I have looked at the configs and do not yet see a problem. Perhaps someone with more experience with this will look and see something that I do not recognize.
Can you tell from the logs on the DHCP server whether the requests get to the server? And whether the server sends a response?
HTH
Rick
11-02-2005 06:40 PM
i had an issue with dhcp relay when configuring lan-lan vpn. finally the public ip of the pix needs to be included as part of the crypto traffic.
i guess the reason is that when the pix relays the dhcp request on behave of the inside host, the pix will use its own ip as the source.
11-03-2005 04:47 AM
Yes I saw your question on the forum earlier, but I am not sure how to do this when it is configured in an Easy-VPN mode, as there is no access-list defining what traffic is crypto'd on the remote end. Also, what happens if the public ip is dynamic at the remote end?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide