From: C Chan (cch.ccie@gmail.com)
Date: Sun Mar 01 2009 - 20:22:20 ARST
Dear Sadiq,
I don't think so because the IPSec is already formed from inside of PIX to
remote cloud. The actual DHCP request (UDP 67 & 68) would encap into IPSec
tunnel when leaving PIX outside interface.
Chan
On Mon, Mar 2, 2009 at 1:32 AM, Sadiq Yakasai <sadiqtanko@gmail.com> wrote:
> Have you allowed the relevant port numbers (UDP:67 & 68) opened on the
> Outside interface of the PIX? Can we please see the config on the PIX?
>
> Thanks,
>
> Sadiq
>
> On Sun, Mar 1, 2009 at 3:17 PM, C Chan <cch.ccie@gmail.com> wrote:
>
>> Hi Expert,
>>
>> Is there anyone having experience to transport DHCP packet over PIX's
>> IPSec
>> tunnel? Any tricky setting required in PIX 7.x?
>> The setting looks simple and configuration is working fine. I even able to
>> ping DHCP server over IPSec tunnel by using an interface with IP helper
>> address config in 3750 core switch. However, the end client is not able to
>> get any IP address at all. I have troubleshooted for a long time and
>> didn't
>> spot anything wrong with PIX config.
>>
>> Client <-> 3750 core <-> PIX <-- IPSec--> clound <-> DHCP server
>>
>> Chan
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> CCIE #19963
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:03 ART