[isalist] Re: DHCP Settings during VPN

  • From: Jim Harrison <Jim@xxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 5 Aug 2009 09:34:25 -0700

ISA allows you to choose between "use the selected NIC" and "use these static 
settings".
There is no provision for "use the DHCP server associated with NIC x"



Also, DHCP is not involved with VPN client initial IP configuration; even when 
you assign addresses using DHCP.

RRAS queries the DHCP server for a block of IP addresses, then uses IPCP 
(Internet Protocol Control Protocol; 
http://www.networksorcery.com/enp/protocol/IPCP.htm) to provide IP 
configuration for VPN clients.

This protocol provides a much smaller set of configuration options than does 
DHCP.

Thus, expecting VPN clients to get the full DHCP options set is unrealistic.



Also, ISA doesn't update its copy of the routing table as quickly as RRAS does, 
so DHCP INFORM messages are blocked with "spoofed" actions unti lthe ISA 
routing table is updated.



Jim



________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Steven Comeau [scomeau@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, August 05, 2009 8:24 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] DHCP Settings during VPN

Is there a reason why, when a client VPNs “into” the ISA server (2006), that 
the VPN adapter on the host PC grabs the DNS settings from the NIC of the 
“Internal” network of the ISA and not from the DHCP server?  I setup the VPN to 
grab the IP address from the “Internal” NIC/Network using DHCP (there’s a DHCP 
server on the “Internal” network), but I thought that other parameters sent by 
the DHCP server would pass through like the DNS servers, etc. (and I do 
understand why the Gateway IP shouldn’t).

Thanks.

Steve Comeau
Associate Director of IT  Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com<http://www.scarletknights.com>


[cid:image005.png@01CA15BF.42EBD8D0]
  [cid:image006.jpg@01CA15BF.42EBD8D0]





***  This message contains confidential information and is
intended only for the individual named. If you are not the
named addressee, you should not disseminate, distribute or
copy this e-mail. Please notify the sender immediately by
e-mail if you have received this e-mail by mistake and delete
this e-mail from your system. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses.  The sender therefore does not
accept liability for any errors or omissions in the contents of
this message, which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
Rutgers University - DIA
83 Rockafeller Road
Piscataway, NJ 08854
www.scarletknights.com ***


PNG image

JPEG image

Other related posts: