pix 501 and dhcp on the outside interface issue

Author	All Replies
devicemanage Premium join:2002-03-16 Chalfont, PA ·Comcast ·Vonage ·Verizon FIOS	pix 501 and dhcp on the outside interface issue I have a pix 501 on my residential fios, outside interface set to dhcp, fios in bridge mode. Puts the public ip on my outside interface of the pix. Inside interface is a 10.1.1.1 - next is my router cisco 2611xm outside is 10.1.1.2 and inside is 192.168.100.1 - the 2611 is my dhcp server handing out 192.168.100.x - but for some reason now, i noticed that the outside interface of the pix is picking up a 192.168.100.x address. How can this be? Is there a way I can block dhcp from getting out into the 10x network? -- »www.devicemanager.net
	to forum · permalink · · 2009-11-02 20:02:06 ·
ladino join:2001-02-24 USA	Confirm that the mac-address listed listed in the router's assigned DHCP bind pool is that of the PIX. If it is, create an ACL to deny UDP bootpc/bootps on the routers outside interface.
	to forum · permalink · · 2009-11-04 09:20:15 ·
devicemanage Premium join:2002-03-16 Chalfont, PA ·Comcast ·Vonage ·Verizon FIOS	Thanks for the reply! I do not have any pix ip's/mac's in the routers dhcp bindings as the pix is on a completely different subnet (its between my isp's ip and the outside of the 2611xm). Yet the dhcp makes it to the outside of the pix. This makes me nuts but either way the acl should be all that I need? -- »www.devicemanager.net
	to forum · permalink · · 2009-11-04 09:54:22 ·
ladino join:2001-02-24 USA	Is this your topology LAN------(192.168.100.1) 2611XM (10.1.1.2)-------(10.1.1.1) PIX (DHCP)----ISP Is there a switch between the PIX & the router? When the PIX gets this 192. address, can LAN clients STILL browse the internet? Could it be that your ISP is giving out that private IP address in question?
	to forum · permalink · · 2009-11-04 11:46:13 ·
devicemanage Premium join:2002-03-16 Chalfont, PA ·Comcast ·Vonage ·Verizon FIOS	Actually made a typo the 192.168.100.1 should be 251 but no biggie. There isn't a switch between the router and the pix. When the pix gets the 192 addy on the outside we can not browse the net - i dont think that address is coming from my isp as it comes from my dhcp pool which is a pretty specific range. If I create the acl on the outside of the 2611 - that should do the trick no? Currently the router is only in the equation for the dhcp service and we have battery backup on everything. But in the event the pix should go down, i need to power down the router so the pix can grab the addy from isp, then bring the router online. -- »www.devicemanager.net
	to forum · permalink · · 2009-11-04 12:02:31 ·
ladino join:2001-02-24 USA	Yes, the ACL on the 2611 should do the trick
	to forum · permalink · · 2009-11-04 12:54:40 ·
devicemanage Premium join:2002-03-16 Chalfont, PA	thank you!
	to forum · permalink · · 2009-11-04 13:02:11 ·


Tuesday, 15-Dec 04:22:28	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF