08-09-2004 11:29 PM - edited 02-21-2020 01:17 PM
I have a VPN between a PIX 506 (at the central site) and an 837 router at a remote site. I would like to use an "ip helper-address" command to allow some thin-client devices at the remote site to tftp down configuration. Unfortunately the devices don't support getting the address of the tftp server via DHCP, so the helper-address seems to be my only option. My question is: will the configuration work, and if so, what access-list stuff or other special configuration will I need to add?
I believe the tftp works as a directed broadcast and so won't work over IPSec. Is that the case?
Thanks in advance,
Peter
08-16-2004 07:00 AM
I guess, as long as you can ping that tftp server through the ipsec tunnel, the setup should work.
08-17-2004 11:54 AM
I do not understand your statement about tftp working as a directed broadcast. I would expect the thin client to send a broadcast request to tftp server to the local LAN. The router would receive the request and if a helper-address is configured the router will generate a packet to the address configured in the command. That address can be unicast or directed broadcast. I am not aware of anything that prevents it running over IPSec.
In terms of what you need to be careful about in the config: since the tftp packet outbound is coming from the router, be sure that it is permitted in the access lists that define the VPN traffic.
HTH
Rick
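An added example, not part of the thread or of any poster's configuration: a sketch of the remote 837 side with the helper-address on the LAN interface and a crypto ACL that covers the relayed TFTP request. All addresses, ACL numbers, the interface names and the names VPN-MAP and VPN-SET are constructed assumptions.

```cisco
! Remote 837: constructed addressing (assumptions, not from the thread)
!   remote LAN  192.168.20.0/24, router LAN address 192.168.20.1
!   central LAN 10.10.10.0/24,   TFTP server 10.10.10.5
!   PIX outside address (IPsec peer) 203.0.113.1
!
! UDP 69 (TFTP) is among the ports IOS relays by default once a
! helper-address exists; it is stated explicitly here for clarity.
ip forward-protocol udp tftp
! The same helper also relays the other default UDP ports. Turn off
! the ones the TFTP server has no use for, so they do not cross the tunnel.
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
!
interface Ethernet0
 ip address 192.168.20.1 255.255.255.0
 ! Local UDP broadcasts on relayed ports are re-sent as unicast to the server.
 ip helper-address 10.10.10.5
!
! Crypto ACL: the whole remote LAN to the central LAN. The range includes
! the thin clients and the router's own LAN address, so the relayed
! request and the unicast TFTP transfer that follows both match.
access-list 110 permit ip 192.168.20.0 0.0.0.255 10.10.10.0 0.0.0.255
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 ! Transform set assumed to be defined elsewhere in the configuration.
 set transform-set VPN-SET
 match address 110
!
! If the router also does NAT overload for Internet access, exempt the
! tunnel traffic so it still matches access-list 110 after NAT processing.
access-list 120 deny   ip 192.168.20.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 120 permit ip 192.168.20.0 0.0.0.255 any
ip nat inside source list 120 interface Dialer0 overload
```

The PIX at the central site needs the mirror-image crypto ACL (central LAN to remote LAN) for the tunnel to carry the replies.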