Hi Reinhard. Yes I did. In other installations where we use Nokia appliances DHCP works fine. Olaf
________________________________ Von: Mailing list for discussion of Firewall-1 im Auftrag von Reinhard Stich Gesendet: Di 31.01.2006 00:33 An: [email protected] Betreff: Re: [FW-1] DHCP through VPN with SecurePlatform hi, did you enable the dhcp-relay server? I've seen that with nokia appliances (ipso OS). cheers reinhard At 19:41 30.01.2006, you wrote: >Hello. > > > >Does someone use DHCP through VPN with SecurePlatform R55 or R60. I >see the returned dhcp offer on my external site gateway but the >gateway doesn't send the dhcp-replay to the client. In captured >packages I can see the right offer and the right clients destination >mac address. > > > >I use simply rules (include the implied rules) no SmartDefence. > >I disabled antispoofing. > >The logfile shows encrypted dhcp traffic. > >The same occurs also if I use no encryption. > > > >"fw moniotor -m iIoO" on the external gateway shows: > >eth0:i[328]: 0.0.0.0 -> 255.255.255.255 (UDP) len=328 id=256 UDP: 68 -> 67 > >eth0:I[328]: 0.0.0.0 -> 255.255.255.255 (UDP) len=328 id=256 UDP: 68 -> 67 > >eth1:o[328]: xxx.xxx.xxx.216 -> 172.17.1.1 (UDP) len=328 id=13 UDP: 67 -> 67 > >eth1:O[392]: xxx.xxx.xxx.216 -> xxx.xxx.xxx.215 (50) len=392 id=13 > >eth1:i[392]: xxx.xxx.xxx.215 -> xxx.xxx.xxx.216 (50) len=392 id=13 > >eth1:I[333]: 172.17.1.1 -> 172.18.0.1 (UDP) len=333 id=255 > > > >172.17.1.1/16 = central DHCP-Server > >172.18.0.1/16 = external site GW LAN Interface > >xxx.xxx.xxx.216 = external site GW WAN Interface > >xxx.xxx.xxx.215 = central site GW WAN Interface > > > > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= -- Reinhard Stich ASSIST [EMAIL PROTECTED] Internet Security AG, 1150 Wien, Johnstrasse 29 Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
