TABLE OF CONTENTS The Cisco PIX firewall can be both a Dynamic Host Control Protocol (DHCP) server and a client. As a DHCP server, it is a gateway for its networks providing them with addresses and other IP information. As a client, it obtains the necessary IP information to connect its networks to other networks. DHCP functionality was specifically designed for PIX 501, 506, and 506E, although it is available on all PIX models. The DHCP server can only support a maximum of 256 clients (or even fewer, depending on the firewall model, version, and license). There is no Bootstrap Protocol (BOOTP) support and no failover support as the current state of DHCP server or client is not replicated.
When configured as a DHCP client, the PIX firewall can obtain the configuration of its outside interface from a designated DHCP server (for example, a server located at an Internet Service Provider [ISP]). This configuration includes the IP address, the subnet mask, and optionally, the default route. The DHCP client feature can only be configured on the "outside" interface of the PIX firewall.
For example, this address can be used as a PAT address for all outgoing communications. This is configured in the following way (assuming that the DHCP client is already configured):
nat (inside) 1 0 0global (outside) 1 interface
This configuration PATs all outbound inside IP addresses to whatever IP address gets assigned to the outside interface.
To configure the DHCP client, the ip address...
