Re: DHCP over PIX's IPSec tunnel

From: Sadiq Yakasai (sadiqtanko@gmail.com)
Date: Sun Mar 01 2009 - 20:35:12 ARST


Hey Chan,

Good point. But still, can we see the config on the PIX please?

Thanks,

On Sun, Mar 1, 2009 at 10:22 PM, C Chan <cch.ccie@gmail.com> wrote:

> Dear Sadiq,
>
> I don't think so because the IPSec is already formed from inside of PIX to
> remote cloud. The actual DHCP request (UDP 67 & 68) would be encapsulated into
> the IPSec tunnel when leaving the PIX outside interface.
>
> Chan
>
>
>
> On Mon, Mar 2, 2009 at 1:32 AM, Sadiq Yakasai <sadiqtanko@gmail.com> wrote:
>
>> Have you opened the relevant port numbers (UDP:67 & 68) on the
>> Outside interface of the PIX? Can we please see the config on the PIX?
>>
>> Thanks,
>>
>> Sadiq
>>
>> On Sun, Mar 1, 2009 at 3:17 PM, C Chan <cch.ccie@gmail.com> wrote:
>>
>>> Hi Expert,
>>>
>>> Does anyone have experience transporting DHCP packets over a PIX's IPSec
>>> tunnel? Is any tricky setting required in PIX 7.x?
>>> The setting looks simple and the configuration is working fine. I am even
>>> able to ping the DHCP server over the IPSec tunnel by using an interface
>>> with an IP helper address configured on the 3750 core switch. However, the
>>> end client is not able to get any IP address at all. I have troubleshot
>>> for a long time and didn't spot anything wrong with the PIX config.
>>>
>>> Client <-> 3750 core <-> PIX <-- IPSec --> cloud <-> DHCP server
>>>
>>> Chan
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> --
>> CCIE #19963
>>
>
>

-- 
CCIE #19963

This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:03 ART