01-18-2006 12:56 PM - edited 02-21-2020 02:12 PM
Hi,
Pix 6.3(5)
The dhcprelay function in PIX OS relays dhcp broadcasts to a specified DHCP server. If the DHCP server is located on a network on the other side of a VPN tunnel of which one side is terminated at the same PIX, the PIX sends the DHCP relayed messages using its outside IP address as the source in the generated packets.
Is there a way to tell the DHCP relay process to use another IP address as source in its packets? Using the outside address of the PIX causes routing issues in the network on the other side of the tunnel. All of a sudden the DHCP server gets requests originating from public IP addresses; they are tunneled (secure), but we'd rather not have routes with public IP addresses in our routing tables. These routes are necessary in order to get the DHCP server responses back to the DHCP relay agent via the correct link.
Regards,
Erik
01-23-2006 01:28 PM
Router(config)# dnsix-nat authorized-redirection ip-address
The above command specifies the address of a collection center that is authorized to change primary and secondary addresses. Specified hosts are authorized to change the destination of audit messages.
01-24-2006 12:19 AM
Hi,
I don't think we understand each other correctly.
My PIX is dhcp-relaying dhcp broadcasts to a dhcp server over an IPSec tunnel. It does this using its outside public IP address as the source address of the dhcp unicast to the dhcp server.
Because of this, the network at the other side of the tunnel needs to know how to route to that public IP address.
Is there a way to have the PIX use another IP address as the source address of its dhcp unicasts to the dhcp server?
Erik