[isalist] Re: DHCP Settings during VPN

  • From: Jim Harrison <Jim@xxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 6 Aug 2009 06:45:03 -0700

Careful - "funny smells" are a sign of an impending migraine...
:-p

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Steven Comeau
Sent: Thursday, August 06, 2009 6:13 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: DHCP Settings during VPN

Hmmm, do I smell worms?

Steve Comeau
Associate Director of IT  Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com<http://www.scarletknights.com>


[cid:image001.png@01CA1661.6D329230]
  [cid:image002.jpg@01CA1661.6D329230]




From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thomas W Shinder
Sent: Wednesday, August 05, 2009 8:41 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: DHCP Settings during VPN

What is the routing table issue that prevents relay from working? I haven't 
seen any references to that problem.

Tom

____________________________________________
TOM SHINDER   |   Sr. Consultant/Technical Writer
206.443.1117   |   SHINDER@xxxxxxxxxxxxxxx<mailto:shinder@xxxxxxxxxxxxxxx>

5701 Sixth Avenue South   |   Seattle, WA 98108
PROWESS   |   WWW.PROWESSCORP.COM<http://www.prowesscorp.com/>
____________________________________________

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Wednesday, August 05, 2009 6:18 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: DHCP Settings during VPN

The only problem is that the DHCP relay fails more often than it works (due to 
the routing table problem I mentioned)

Jim

________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Steven Comeau [scomeau@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, August 05, 2009 11:25 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: DHCP Settings during VPN
I started to read Tom S's article on DHCP with VPN on ISA but didn't finish it 
- should have!  He goes into it a bit more with creating a DHCP relay in RRAS 
to get more options to the client.

Thanks.

Steve Comeau
Associate Director of IT  Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com<http://www.scarletknights.com>


[cid:image003.png@01CA1661.6D329230]
  [cid:image002.jpg@01CA1661.6D329230]




From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Wednesday, August 05, 2009 12:34 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: DHCP Settings during VPN

ISA allows you to choose between "use the selected NIC" and "use these static 
settings".
There is no provision for "use the DHCP server associated with NIC x"



Also, DHCP is not involved with VPN client initial IP configuration; even when 
you assign addresses using DHCP.

RRAS queries the DHCP server for a block of IP addresses, then uses IPCP 
(Internet Protocol Control Protocol; 
http://www.networksorcery.com/enp/protocol/IPCP.htm) to provide IP 
configuration for VPN clients.

This protocol provides a much smaller set of configuration options than does 
DHCP.

Thus, expecting VPN clients to get the full DHCP options set is unrealistic.



Also, ISA doesn't update its copy of the routing table as quickly as RRAS does, 
so DHCP INFORM messages are blocked with "spoofed" actions unti lthe ISA 
routing table is updated.



Jim



________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Steven Comeau [scomeau@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, August 05, 2009 8:24 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] DHCP Settings during VPN
Is there a reason why, when a client VPNs "into" the ISA server (2006), that 
the VPN adapter on the host PC grabs the DNS settings from the NIC of the 
"Internal" network of the ISA and not from the DHCP server?  I setup the VPN to 
grab the IP address from the "Internal" NIC/Network using DHCP (there's a DHCP 
server on the "Internal" network), but I thought that other parameters sent by 
the DHCP server would pass through like the DNS servers, etc. (and I do 
understand why the Gateway IP shouldn't).

Thanks.

Steve Comeau
Associate Director of IT  Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com<http://www.scarletknights.com>


[cid:image003.png@01CA1661.6D329230]
  [cid:image002.jpg@01CA1661.6D329230]





***  This message contains confidential information and is

intended only for the individual named. If you are not the

named addressee, you should not disseminate, distribute or

copy this e-mail. Please notify the sender immediately by

e-mail if you have received this e-mail by mistake and delete

this e-mail from your system. E-mail transmission cannot be

guaranteed to be secure or error-free as information could be

intercepted, corrupted, lost, destroyed, arrive late or

incomplete, or contain viruses.  The sender therefore does not

accept liability for any errors or omissions in the contents of

this message, which arise as a result of e-mail transmission.

If verification is required please request a hard-copy version.

Rutgers University - DIA

83 Rockafeller Road

Piscataway, NJ 08854

www.scarletknights.com ***



***  This message contains confidential information and is

intended only for the individual named. If you are not the

named addressee, you should not disseminate, distribute or

copy this e-mail. Please notify the sender immediately by

e-mail if you have received this e-mail by mistake and delete

this e-mail from your system. E-mail transmission cannot be

guaranteed to be secure or error-free as information could be

intercepted, corrupted, lost, destroyed, arrive late or

incomplete, or contain viruses.  The sender therefore does not

accept liability for any errors or omissions in the contents of

this message, which arise as a result of e-mail transmission.

If verification is required please request a hard-copy version.

Rutgers University - DIA

83 Rockafeller Road

Piscataway, NJ 08854

www.scarletknights.com ***



***  This message contains confidential information and is

intended only for the individual named. If you are not the

named addressee, you should not disseminate, distribute or

copy this e-mail. Please notify the sender immediately by

e-mail if you have received this e-mail by mistake and delete

this e-mail from your system. E-mail transmission cannot be

guaranteed to be secure or error-free as information could be

intercepted, corrupted, lost, destroyed, arrive late or

incomplete, or contain viruses.  The sender therefore does not

accept liability for any errors or omissions in the contents of

this message, which arise as a result of e-mail transmission.

If verification is required please request a hard-copy version.

Rutgers University - DIA

83 Rockafeller Road

Piscataway, NJ 08854

www.scarletknights.com ***

PNG image

JPEG image

PNG image

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2009