DNS Reply Modification Using Outside NAT
Configuring Dynamic Host Configuration Protocol on the Cisco
Security Appliance
The Cisco Security Appliance can be configured as either of the following:
■ DHCP server
■ DHCP client
Using the Cisco Security Appliance DHCP Server
The DHCP server is usually used in, but not limited to, SOHO environments. The address
pool of a Cisco Security Appliance DHCP server must be within the same subnet of the
Security Appliance interface that is enabled, and you must specify the associated Security
Appliance interface with if- name. In other words, the client must be physically connected to
the subnet of a Security Appliance interface. The size of the pool is limited to 32 addresses
with a 10-user license and 128 addresses with a 50-user license on the PIX 501. The
unlimited user license on the PIX 501 and all other Security Appliance platforms supports
256 addresses. To configure DHCP on a Security Appliance, use the dhcpd command. The
following is the syntax for the dhcpd command:
dhcpd address ip1[-ip2] if-name
dhcpd auto-config [outside]
dhcpd dns dns1 [dns2]
Web Server
www.cisco.com
10.1.13.3
5. HTTP request to
10.1.13.3.
DNS Server
4. The Security Appliance applies
address translation.
198.133.216.25 10.1.13.3
3. DNS server replies with
198.133.219.25.
1. Request for www.cisco.com
goes out to Security Appliance.
Workstation
User
10.1.13.126
2. Security Appliance
translates the non-routable
source address in the IP
header and forwards the
request to the ISP network
on its outside interface.