hi,

I've a router with the lan interface fastethernet0 10.0.0.1
This router acts as a dhcp server and as a firewall (ip inspect).
What is the best rule (standard or extended or inspect) that I should add so
that my clients (which are on 10.0.0.0/24 lan) are able to get their dhcp
leases, as for now, they don't receive the lease with the actual config!?


Thx for helping!
here is what I'm using currently:

ip dhcp pool DHCPPoolLAN
network 10.0.0.0 255.255.255.0
dns-server x.y.z.y
default-router 10.0.0.1
lease 0 0 30

! ip firewall
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name standard cuseeme
ip inspect name standard ftp
ip inspect name standard h323
ip inspect name standard http
ip inspect name standard rcmd
ip inspect name standard realaudio
ip inspect name standard smtp
ip inspect name standard sqlnet
ip inspect name standard streamworks
ip inspect name standard tcp
ip inspect name standard tftp
ip inspect name standard udp
ip inspect name standard vdolive
!
! clients can do anything
access-list 111 permit ip 10.0.0.0 0.0.0.255 any
access-list 111 deny ip any any
!
!
interface FastEthernet0
ip address 10.0.0.1 255.255.255.0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip inspect standard in
speed auto
ntp broadcast client
no cdp enable

On Mon, 12 Jan 2004 23:16:02 +0100, Boris wrote:

Well, assuming that 111 <> 101 is a typo of some sort perhaps:

access-list 111 permit ip 10.0.0.0 0.0.0.255 any
access-list 111 permit udp any any eq 67
-or-
access-list 111 permit udp host 0.0.0.0 eq 68 host 255.255.255.255 eq 67
access-list 111 deny ip any any

--
Rgds,
Martin

thx a lot!