[isalist] Re: DHCP Settings during VPN

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 5 Aug 2009 19:41:21 -0500

What is the routing table issue that prevents relay from working? I
haven't seen any references to that problem.

 

Tom

 

____________________________________________

TOM SHINDER   |   Sr. Consultant/Technical Writer 
206.443.1117   |   SHINDER@xxxxxxxxxxxxxxx


5701 Sixth Avenue South   |   Seattle, WA 98108  
PROWESS   |   WWW.PROWESSCORP.COM <http://www.prowesscorp.com/> 

____________________________________________

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Wednesday, August 05, 2009 6:18 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: DHCP Settings during VPN

 

The only problem is that the DHCP relay fails more often than it works
(due to the routing table problem I mentioned)

 

Jim

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steven Comeau [scomeau@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, August 05, 2009 11:25 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: DHCP Settings during VPN

I started to read Tom S's article on DHCP with VPN on ISA but didn't
finish it - should have!  He goes into it a bit more with creating a
DHCP relay in RRAS to get more options to the client.

 

Thanks.

 

Steve Comeau

Associate Director of IT  Rutgers Athletics

83 Rockafeller Road

Piscataway, NJ  08854

732-445-7802

732-445-4623 (fax)

www.scarletknights.com <http://www.scarletknights.com> 

                   

 

   

        

 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Wednesday, August 05, 2009 12:34 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: DHCP Settings during VPN

 

ISA allows you to choose between "use the selected NIC" and "use these
static settings".

There is no provision for "use the DHCP server associated with NIC x"

 

Also, DHCP is not involved with VPN client initial IP configuration;
even when you assign addresses using DHCP.

RRAS queries the DHCP server for a block of IP addresses, then uses IPCP
(Internet Protocol Control Protocol; 
http://www.networksorcery.com/enp/protocol/IPCP.htm) to provide IP
configuration for VPN clients.

This protocol provides a much smaller set of configuration options than
does DHCP.

Thus, expecting VPN clients to get the full DHCP options set is
unrealistic.

 

Also, ISA doesn't update its copy of the routing table as quickly as
RRAS does, so DHCP INFORM messages are blocked with "spoofed" actions
unti lthe ISA routing table is updated.

 

Jim

 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steven Comeau [scomeau@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, August 05, 2009 8:24 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] DHCP Settings during VPN

Is there a reason why, when a client VPNs "into" the ISA server (2006),
that the VPN adapter on the host PC grabs the DNS settings from the NIC
of the "Internal" network of the ISA and not from the DHCP server?  I
setup the VPN to grab the IP address from the "Internal" NIC/Network
using DHCP (there's a DHCP server on the "Internal" network), but I
thought that other parameters sent by the DHCP server would pass through
like the DNS servers, etc. (and I do understand why the Gateway IP
shouldn't).

 

Thanks.

 

Steve Comeau

Associate Director of IT  Rutgers Athletics

83 Rockafeller Road

Piscataway, NJ  08854

732-445-7802

732-445-4623 (fax)

www.scarletknights.com <http://www.scarletknights.com> 

                   



  

        

 

 

***  This message contains confidential information and is
intended only for the individual named. If you are not the
named addressee, you should not disseminate, distribute or
copy this e-mail. Please notify the sender immediately by
e-mail if you have received this e-mail by mistake and delete
this e-mail from your system. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be 
intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses.  The sender therefore does not
accept liability for any errors or omissions in the contents of
this message, which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
Rutgers University - DIA
83 Rockafeller Road
Piscataway, NJ 08854
www.scarletknights.com *** 
 
***  This message contains confidential information and is
intended only for the individual named. If you are not the
named addressee, you should not disseminate, distribute or
copy this e-mail. Please notify the sender immediately by
e-mail if you have received this e-mail by mistake and delete
this e-mail from your system. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be 
intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses.  The sender therefore does not
accept liability for any errors or omissions in the contents of
this message, which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
Rutgers University - DIA
83 Rockafeller Road
Piscataway, NJ 08854
www.scarletknights.com ***

PNG image

JPEG image

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2009