GroupStudy.com - A virtual community of network engineers
Re: Need help on DHCP Problem - via Checkpoint Firewall pls [7:85433] posted 03/05/2004


Hin,

I just ran into 98% the same thing, only the FWs [actually 2] were PIXs [and 
they were connected via IPsec VPN]. The routers in my case were 2620s vs. 
3620/7200.  The distant end 2620 was on 12.0.7 while the local end 2620 was 
on 12.2.  

Anyhow, debugged debugged debugged and finally gave in [ego!] and called TAC. 
Sure enough, there's a bug in 12.0.7.  I can look up the bug # if you want.

SOLUTION:::
	conf t
	arp ip.ip.ip.ip macm.acma.cmac arpa
	exit
	wr me

where ip.ip.ip.ip == FW IP on the 3620 side, 
and macm.acma.cmac == FW mac on the 3620 side

hth,
TroyC

On Thursday 04 March 2004 19:37, Hinwoto wrote:
> Hi Guys,
>
> I need help with implementing DHCP via a Checkpoint Firewall.
>
> The topology is like this
>
> dhcp srv ----- rtr 7200 --- Checkpoint FW ---- rtr 3620 --- client laptop
>
> All interfaces used are Ethernet (RJ45).
> The client laptop failed to get a DHCP IP
>
> The configuration :
> on rtr 3620 : it is already configured : ip helper address 10.2.0.1 (dhcp
> server ip)
> 3620's IOS is  12.0(7) XK1
> and the debug ip packet detailed on rtr 3620 showed
> ---------------------------------------------------------------------------
> 4d04h: IP: s=0.0.0.0 (FastEthernet0/1), d=255.255.255.255, len 328, rcvd 2
> 4d04h: UDP src=68, dst=67
> 4d04h: IP: s=10.2.78.254 (local), d=10.2.0.1 (FastEthernet0/0), len 328, sending
> 4d04h: UDP src=67, dst=67
> 4d04h: IP: s=10.2.78.254 (local), d=10.2.0.1 (FastEthernet0/0), len 328, encapsulation failed
> 4d04h: UDP src=67, dst=67
> ---------------------------------------------------------------------------
>
> ip 10.2.78.254 is the IP of the Ethernet intf that connects to the client laptop
> ip 10.2.0.1       is the IP of the DHCP server
>
> On FW: it has already allowed the bootp, dhcp request
>
> I once read that some IOS versions have a bug in the DHCP service / a DHCP anomaly,
> but I am not sure which one.
>
> Could anyone who has ever implemented this configuration please share the
> experience
> and show me the light?
> And I still can't figure out what may cause the encapsulation failed in the
> debug log.
>
> Thanks in advance and looking forward to your help
> hin
>


---
No bits were hurt during the transmission of this Email
---
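
The following is an added example, not part of either post: a small Python parser for the `debug ip packet detail` output quoted above that pairs each IP line with its UDP detail line and flags relayed DHCP requests (router-originated, UDP 67 to 67) that ended in `encapsulation failed`. The function names are hypothetical, and it assumes the usual reading of that message (the router could not build the layer-2 header for the next hop), which is consistent with the static ARP workaround given in the reply.

```python
import re

# Debug lines from the quoted post, with the mail client's line wraps rejoined.
SAMPLE = """\
4d04h: IP: s=0.0.0.0 (FastEthernet0/1), d=255.255.255.255, len 328, rcvd 2
4d04h: UDP src=68, dst=67
4d04h: IP: s=10.2.78.254 (local), d=10.2.0.1 (FastEthernet0/0), len 328, sending
4d04h: UDP src=67, dst=67
4d04h: IP: s=10.2.78.254 (local), d=10.2.0.1 (FastEthernet0/0), len 328, encapsulation failed
4d04h: UDP src=67, dst=67
"""

IP_RE = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<src_if>[^)]+)\), d=(?P<dst>[\d.]+)"
    r"(?: \((?P<dst_if>[^)]+)\))?, len (?P<len>\d+), (?P<action>.+)$")
UDP_RE = re.compile(r"UDP src=(?P<sport>\d+), dst=(?P<dport>\d+)")


def parse_debug(text):
    """Pair each 'IP:' line with the 'UDP' detail line that follows it."""
    packets, current = [], None
    for line in text.splitlines():
        ip = IP_RE.search(line)
        udp = UDP_RE.search(line)
        if ip:
            current = ip.groupdict()
            current["len"] = int(current["len"])
            packets.append(current)
        elif udp and current is not None:
            current["sport"] = int(udp["sport"])
            current["dport"] = int(udp["dport"])
            current = None
    return packets


def failed_relays(packets):
    """Relayed DHCP requests (local source, UDP 67 -> 67) that never left the router."""
    return [(p["dst"], p["dst_if"]) for p in packets
            if p["src_if"] == "local" and p.get("sport") == 67
            and p.get("dport") == 67 and "encapsulation failed" in p["action"]]


if __name__ == "__main__":
    for dst, out_if in failed_relays(parse_debug(SAMPLE)):
        print(f"relay to {dst} via {out_if}: encapsulation failed; "
              f"check 'show ip arp' for the next hop on {out_if}")
```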




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=85433&t=85433