Passing DHCP through Site to Site VPN
I have a site-to-site VPN set up between a PIX 501 and a Juniper SSG520. The VPN is passing traffic fine; however, I am unable to receive DHCP. The DHCP servers are on the same LAN as the Juniper. I am also unable to ping the DHCP/DNS servers from the PIX or anything behind it.
Any help would be greatly appreciated.

Re: Passing DHCP through Site to Site VPN
You can try setting up the DHCP relay agent. I don't know how this works via VPN, but this is what Cisco recommends to forward DHCP traffic.
Here are some of the commands that are used:
For the Juniper front, you can use the knowledge base:
http://kb.juniper.net/KB7287
For the Cisco front, you can use this:
dhcprelay server 10.2.1.2 outside
!--- Enter this command in order to set the
!--- IP address of a DHCP server on a different
!--- interface from the DHCP client.
dhcprelay enable inside
!--- Enter this command in order to
!--- enable DHCP relay on the interface connected to the clients.
dhcprelay setroute inside
!--- Enter this command to cause the default IP address of the DHCP reply
!--- to be substituted with the address of the security appliance inside interface.
Cisco's weblink:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008075fcfb.shtml#asdmserver