[c-nsp] DHCP Relay for LAN behind VPN HW Client

Vincent gscisco at gmail.com
Fri Feb 8 10:05:41 EST 2008 

Hi Peter,

No we don't have any L3 on the local networks. We use the VPN3002 for simple
sites that have one subnet and have a couple of switches behind the VPN3002.

The 3005 has relay options however the 3002 does not.

Thanks,
Vincent
On Feb 8, 2008 2:37 PM, Peter Rathlev <peter at rathlev.dk> wrote:

> Hi Vincent,
>
> Do you have L3-termination on a router behind the 3002 on the LAN side?
> In that case you can forward the DHCP requests via an "ip
> helper-address". This converts local broadcasts to unicast packets
> destined for e.g. the DHCP server. That works fine through an IPSec
> tunnel.
>
> Otherwise the 3002 might be able to relay itself. I don't have a 3002
> nearby, but the 3005 has DHCP Relay options under "Configuration" ->
> "System" -> "IP Routing" -> "DHCP Relay". That might work as you want.
>
> Regards,
> Peter
>
>
> On Fri, 2008-02-08 at 13:32 +0100, Vincent wrote:
> > Hi ,
> >
> > Just trying to get my head around whether the following setup we have in
> > mind will work.
> >
> > DHCP Server ---> VPN 3030 concentrator <<<<IPSEC Remote access
> Tunnel>>>>
> > VPN3002 HW Client --> Local Lan with users.
> >
> > Now we would like the local LAN behind the VPN3002 HW Client to receive
> an
> > IP from the DHCP server behind the VPN 3030 concentrator. This will
> > obviously work with remote access tunnel via VPN clients. However could
> we
> > also get this done for the users behind the remote access client (the
> 3002
> > here).
> >
> > Normally the VPN 3002 can provide DHCP server functionality but I'm not
> > entirely sure whether it would also relaying. I'm afraid it won't.
> >
> > I will try to setup a test for this but if anyone has already experience
> on
> > this that would be very helpful :)
> >
> > Thanks and regards,
> > Vincent
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

More information about the cisco-nsp mailing list