Cisco Security Specialist's Guide to PIX Firewalls

As more Cisco devices are used in SOHO environments, it becomes more important that they support features such as Dynamic Host Configuration Protocol (DHCP). Hosts use DHCP to dynamically obtain their Internet configuration instead of being configured with a static IP address and other parameters. The operation is very simple: upon connection, a client sends a UDP broadcast, and if it receives a specific reply, it configures itself correspondingly. Of course, this works only on the directly connected LAN segment or on segments that are connected through bridges or routers that forward broadcasts. This method can be used, for example, to simplify workstation management; all reconfigurations are carried out only on the DHCP server itself, which provides the new configuration to the workstations.
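The exchange described above, as an added Python example that is not from the book: it builds the broadcast DHCPDISCOVER payload and parses a DHCPOFFER into the settings a client would apply, rejecting replies that do not match the request. The message layout follows RFC 2131; the function names are chosen for this example, and the 192.168.1.x values in `sample_offer` are constructed samples.

```python
import ipaddress
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # RFC 2131 fixed header (236 bytes)
MAGIC = bytes([99, 130, 83, 99])                     # magic cookie that precedes options
DISCOVER, OFFER = 1, 2                               # values of option 53 (message type)

def build_discover(mac, xid):
    """Payload the client broadcasts from 0.0.0.0:68 to 255.255.255.255:67."""
    z = bytes(4)
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, z, z, z, z, mac, b"", b"")
    # option 53 = DISCOVER, option 55 = ask for netmask (1), router (3), DNS (6)
    return hdr + MAGIC + bytes([53, 1, DISCOVER, 55, 3, 1, 3, 6, 255])

def parse_options(raw):
    """Walk the code/length/value option list; 0 is padding, 255 ends it."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:
        if raw[i] == 0:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        opts[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def ips(b):
    return [str(ipaddress.IPv4Address(b[i:i + 4])) for i in range(0, len(b) - 3, 4)]

def parse_offer(pkt, mac, xid):
    """Return the offered settings, or None if the reply is not for this request."""
    if len(pkt) < BOOTP.size + 4 or pkt[BOOTP.size:BOOTP.size + 4] != MAGIC:
        return None
    f = BOOTP.unpack_from(pkt)            # f[0]=op f[4]=xid f[8]=yiaddr f[11]=chaddr
    opts = parse_options(pkt[BOOTP.size + 4:])
    if f[0] != 2 or f[4] != xid or f[11][:6] != mac or opts.get(53) != bytes([OFFER]):
        return None
    return {"address": ips(f[8])[0], "netmask": ips(opts.get(1, b"")),
            "router": ips(opts.get(3, b"")), "dns": ips(opts.get(6, b"")),
            "server": ips(opts.get(54, b"")), "lease": int.from_bytes(opts.get(51, b""), "big")}

def sample_offer(mac, xid):
    """Constructed reply for the demo; all addresses are made-up sample values."""
    gw, me = (ipaddress.IPv4Address(a).packed for a in ("192.168.1.1", "192.168.1.10"))
    hdr = BOOTP.pack(2, 1, 6, 0, xid, 0, 0x8000, bytes(4), me, gw, bytes(4), mac, b"", b"")
    opts = (bytes([53, 1, OFFER, 54, 4]) + gw + bytes([1, 4, 255, 255, 255, 0, 3, 4]) + gw
            + bytes([6, 4]) + gw + bytes([51, 4, 0, 0, 14, 16, 255]))
    return hdr + MAGIC + opts
```

The client accepts a reply only when the transaction ID and hardware address echo its own request, which is why `parse_offer` takes both.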
The Cisco PIX firewall can act both as a DHCP server and a client. In the first case, it will probably be a gateway for a small network of workstations and provide them all the information they need in order to connect to the Internet. In its client role, it may be a gateway for a network connected through a dialup line, acquiring its outside interface address from the ISP's DHCP server.
Although DHCP functionality on the PIX firewall is available on all models of hardware, it was specifically designed for PIX 501, 506, and 506E, which are used primarily in SOHO environments. This is why the DHCP features the PIX firewall offers have some limitations. For example, the DHCP server can only...