Hmmm, do I smell worms? Steve Comeau Associate Director of IT Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com<http://www.scarletknights.com> [cid:image003.png@01CA1676.0E48E250] [cid:image004.jpg@01CA1676.0E48E250] From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Wednesday, August 05, 2009 8:41 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: DHCP Settings during VPN What is the routing table issue that prevents relay from working? I haven't seen any references to that problem. Tom ____________________________________________ TOM SHINDER | Sr. Consultant/Technical Writer 206.443.1117 | SHINDER@xxxxxxxxxxxxxxx<mailto:shinder@xxxxxxxxxxxxxxx> 5701 Sixth Avenue South | Seattle, WA 98108 PROWESS | WWW.PROWESSCORP.COM<http://www.prowesscorp.com/> ____________________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Wednesday, August 05, 2009 6:18 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: DHCP Settings during VPN The only problem is that the DHCP relay fails more often than it works (due to the routing table problem I mentioned) Jim ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steven Comeau [scomeau@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, August 05, 2009 11:25 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: DHCP Settings during VPN I started to read Tom S's article on DHCP with VPN on ISA but didn't finish it - should have! He goes into it a bit more with creating a DHCP relay in RRAS to get more options to the client. Thanks. Steve Comeau Associate Director of IT Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com<http://www.scarletknights.com> [cid:image005.png@01CA1676.0E48E250] [cid:image006.jpg@01CA1676.0E48E250] From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Wednesday, August 05, 2009 12:34 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: DHCP Settings during VPN ISA allows you to choose between "use the selected NIC" and "use these static settings". There is no provision for "use the DHCP server associated with NIC x" Also, DHCP is not involved with VPN client initial IP configuration; even when you assign addresses using DHCP. RRAS queries the DHCP server for a block of IP addresses, then uses IPCP (Internet Protocol Control Protocol; http://www.networksorcery.com/enp/protocol/IPCP.htm) to provide IP configuration for VPN clients. This protocol provides a much smaller set of configuration options than does DHCP. Thus, expecting VPN clients to get the full DHCP options set is unrealistic. Also, ISA doesn't update its copy of the routing table as quickly as RRAS does, so DHCP INFORM messages are blocked with "spoofed" actions unti lthe ISA routing table is updated. Jim ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steven Comeau [scomeau@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, August 05, 2009 8:24 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] DHCP Settings during VPN Is there a reason why, when a client VPNs "into" the ISA server (2006), that the VPN adapter on the host PC grabs the DNS settings from the NIC of the "Internal" network of the ISA and not from the DHCP server? I setup the VPN to grab the IP address from the "Internal" NIC/Network using DHCP (there's a DHCP server on the "Internal" network), but I thought that other parameters sent by the DHCP server would pass through like the DNS servers, etc. (and I do understand why the Gateway IP shouldn't). Thanks. Steve Comeau Associate Director of IT Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com<http://www.scarletknights.com> [cid:image005.png@01CA1676.0E48E250] [cid:image006.jpg@01CA1676.0E48E250] *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com *** *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com *** *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com ***