PIX 525 ASA not allowing DHCP addresses to pass through to router

(OP)
Hello,

I currently have a Cisco PIX 525 firewall running version 7.0(1) and ASDM 5.0(4). It is running in transparent mode, and it is connected between my Time Warner Cable [TWC] modem and F0/0 on my Cisco 3660 router. When I reload the router, the router cannot obtain the DHCP IP address from TWC. I have to disconnect the LAN cable from the PIX outside interface and connect it directly to the F0/0 on the router, allow the DHCP address to be obtained, and then reconnect the TWC modem back to the outside interface. About every 24 hours, I have to repeat the same process when the router's DHCP lease ends. I know there are other ways around it (i.e., configuring the PIX in router mode, getting rid of the PIX and using the firewall ability in the router's IOS), but this is the hardware configuration I would like to use. I am unfamiliar with setting up a PIX / Firewall, and I would like to use this as one of my many learning experiences. (This was posted in the router page, but I was informed it belonged here.) I was informed that this is not possible in transparent mode.

Diagram:


PIX Configuration Summary:
PIX Version 7.0(1)
names
!
interface Ethernet0
speed 100
duplex full
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet2
speed 100
duplex full
nameif management
security-level 0
ip address 192.168.201.8 255.255.255.0
management-only
!
object-group service dhcpPorts tcp
description TCP DHCP Ports
port-object range 67 68
object-group service dhcpServices udp
description UDP Dhcp Ports
port-object eq bootps
port-object eq bootpc
object-group icmp-type ICMP-INBOUND
description Permit necessary ICMP traffic
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
access-list INBOUND extended permit icmp any any object-group ICMP-INBOUND
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group INBOUND in interface outside
ssh timeout 5
console timeout 0
dhcprelay server 142.254.136.237 outside
dhcprelay enable inside
dhcprelay setroute inside
dhcprelay timeout 60
: end

Router Configuration Summary:
version 12.4
!
interface FastEthernet0/1
description WAN connection to the internet through ISP
ip address 192.168.10.2 255.255.255.0
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet1/0-15/0
!
interface FastEthernet2/0
description Connected to Fiber Optic LAN
ip address 192.168.0.1 255.255.255.0
ip virtual-reassembly
full-duplex
!
interface Content-Engine3/0
ip address 192.168.101.1 255.255.255.0
service-module external ip address 192.168.201.9 255.255.255.0
service-module ip address 192.168.101.2 255.255.255.0
service-module ip default-gateway 192.168.101.1
!
interface Vlan1
description Connected to Wired-Wireless LAN
ip address 192.168.201.1 255.255.255.0
ip virtual-reassembly
!
router rip
version 2
network 192.168.0.0
network 192.168.10.0
network 192.168.101.0
network 192.168.201.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.101.0 0.0.0.255
access-list 10 permit 192.168.201.0 0.0.0.255
!
end

What PIX IOS command sequence, or ASDM configuration screen(s) settings, would I use to allow DHCP IP and DNS requests and addresses to pass through to the inside interface and ultimately the router? Could I get a sample configuration?

Thanks,
brownamb53
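
Added example, not part of the original post: a small Python audit of the ACL-related lines from the PIX configuration above. It lists object-groups that are defined but never referenced by an access-list, and reports whether the ACL bound inbound to an interface contains a UDP permit for the DHCP ports. The function names are hypothetical; the configuration lines are copied from the post.

```python
import re
# ACL-related lines copied from the PIX configuration in the post.
PIX_CONFIG = """\
object-group service dhcpPorts tcp
description TCP DHCP Ports
port-object range 67 68
object-group service dhcpServices udp
description UDP Dhcp Ports
port-object eq bootps
port-object eq bootpc
object-group icmp-type ICMP-INBOUND
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
access-list INBOUND extended permit icmp any any object-group ICMP-INBOUND
access-group INBOUND in interface outside
"""
DHCP_PORTS = {"bootps", "bootpc", "67", "68"}

def parse(config):
    """Return (group -> member lines, ACL name -> entries, interface -> bound ACL)."""
    groups, acls, bound, current = {}, {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"object-group \S+ (\S+)", line):
            current = m.group(1)
            groups[current] = []
        elif current and line.startswith("description "):
            continue  # free text, not a group member
        elif current and re.match(r"(port|icmp|network)-object ", line):
            groups[current].append(line.split()[1:])
        else:
            current = None
            if m := re.match(r"access-list (\S+) extended (.+)$", line):
                acls.setdefault(m.group(1), []).append(m.group(2).split())
            elif m := re.match(r"access-group (\S+) in interface (\S+)$", line):
                bound[m.group(2)] = m.group(1)
    return groups, acls, bound

def unreferenced_groups(groups, acls):
    used = {tok for entries in acls.values() for ace in entries for tok in ace}
    return sorted(name for name in groups if name not in used)

def permits_dhcp(interface, groups, acls, bound):
    """True if the ACL bound inbound on `interface` has a UDP permit naming DHCP ports."""
    for ace in acls.get(bound.get(interface), []):
        if ace[:2] == ["permit", "udp"]:
            for tok in ace[2:]:
                if any(DHCP_PORTS & set(m) for m in groups.get(tok, [[tok]])):
                    return True
    return False
```

Run against the posted lines, `unreferenced_groups` returns both DHCP groups and `permits_dhcp("outside", ...)` is false, since `INBOUND` permits only ICMP. Note also that `dhcpPorts` is declared as a TCP service group, while DHCP uses UDP.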
