Re: PIX VPN questions

From: Sam Munzani (sam@xxxxxxxxxx)
Date: Thu Aug 31 2000 - 14:15:37 GMT-3


   
Comments inline

> > 3. For site to site, will DHCP work if you are using 5.2 beta code? 5.2
> > Beta does support a DHCP address on the public address and PAT behind that
> > address. I have a DSL site with a DHCP address that needs to be connected
> > to the main site.
>
> Don't know on that one, but would like to. Basically are you asking if in
> 5.2 will the PIX forward/convert a DHCP broadcast to a unicast and send it
> out, like the 'ip helper' command in IOS? I had asked Cisco why the PIX
> couldn't do that before, and they said it was a forthcoming feature...

Beta 5.2 code supports the following now.

ip address outside dhcp setroute

>>> This line will get an IP address from the ISP using DHCP and set up the
default G/W from that information, just like dial-up.

global (outside) 1 interface
nat (inside) 1 0 0

This will let you do PAT for all your clients sitting inside. They also
have DHCPD to provide addresses to the internal network.

dhcpd domain xxx.com
dhcpd address xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx
dhcpd dns yyy.yyy.yyy.yyy yyy.yyy.yyy.xxy
dhcpd lease xxxx <== In seconds
dhcpd enable

With this you can hide the whole internal network behind the public
interface IP. I was successfully able to test out the dhcpd configuration
on my firewall. However, with @home cable modem service the PIX could not
get an IP address using DHCP. Haven't tried with any other ISP yet but will
try soon.

Thanks a lot for the info on IPSEC.

Sam Munzani
sam@munzani.com
Lab: Sept. 9-10 at San Jose


