PIX VPN Site-to-site with dhcprelay

sjdixon
Level 1

How do I get dhcprelay traffic to be included in a PIX IPSec site-to-site tunnel? The dhcprelay server traffic needs to flow across the tunnel. Should the IP address of the DHCP server be included as a destination? What should the source IP address be for the flow to the DHCP server?

2 Replies

ebreniz
Level 6

You need to include this traffic in the "interesting traffic" definitions. I assume that you have the DHCP relay agent on one side (location A) and the DHCP server on the other side (location B).

On location A:

The source will be the IP address of the DHCP relay agent and destination will be that of the DHCP server.

On location B:

The source will be the IP address of the DHCP server and destination will be that of the DHCP relay agent (mirror of loc A).

Thanks for the reply. I was able to get this working by adding an access-list entry for the tunnel using the outside IP of the DHCP Relay PIX to the IP address of the DHCP server plus the mirror of that access-list entry on the central site PIX that anchors the tunnel.
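
As an added example (not posted by anyone in this thread), the following Python check parses the `permit ip` entries of each site's crypto access-list and reports whether the relay-to-server flow is matched and whether every entry has its mirror on the peer. The ACL names, the sample configs and all addresses (192.0.2.1 as the relay PIX outside IP, 10.1.1.10 as the DHCP server) are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample configs (documentation/private addresses, not from the thread).
# 192.0.2.1 = outside IP of the relay PIX, 10.1.1.10 = DHCP server (both assumed).
REMOTE_PIX = """\
access-list 101 permit ip 192.168.10.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list 101 permit ip host 192.0.2.1 host 10.1.1.10
"""
# The central site here deliberately lacks the mirror of the DHCP entry.
CENTRAL_PIX = """\
access-list 120 permit ip 10.1.0.0 255.255.0.0 192.168.10.0 255.255.255.0
"""

# Only 'permit ip' entries are handled; port-qualified tcp/udp entries are skipped.
ACE = re.compile(r"^access-list\s+(\S+)\s+permit\s+ip\s+(.+)$")


def _endpoint(tokens):
    """Consume 'host A', 'any' or 'NET MASK'; return (network, remaining tokens)."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(tokens[0] + "/" + tokens[1]), tokens[2:]


def parse_crypto_acl(config, name):
    """Return the set of (src_net, dst_net) for 'permit ip' entries of ACL `name`."""
    entries = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == name:
            src, rest = _endpoint(m.group(2).split())
            dst, _ = _endpoint(rest)
            entries.add((src, dst))
    return entries


def flow_matched(entries, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip matches some entry (is sent into the tunnel)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in src and d in dst for src, dst in entries)


def missing_mirrors(local, peer):
    """Entries of `local` whose source/destination-swapped form is absent on the peer."""
    return sorted((str(s), str(d)) for s, d in local if (d, s) not in peer)
```

With the sample data, the LAN-to-LAN entry alone does not match the relayed request, because the relay sources it from the PIX outside address, and `missing_mirrors` flags the host entry the central site still needs.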