RE: ISA denies DHCP request

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 20 Dec 2005 17:10:50 -0800

I looked at the captures - both ISA NICs are seeing DHCP traffic to/from
192.168.1.2 (DHCP server).

Odds are, your customer has both ISA NICs plugged into the same hub (or
a misconfigured switch).

Also of concern is that you stated the ISA has two NICs, but the IP
addresses (192.168.1.2 (internal) and 192.168.1.111 (external) appear to
be in the same subnet.

I've fixed the ipconfig problem in isainfo - can you get a fresh one?

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------

-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Monday, December 05, 2005 12:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA denies DHCP request

http://www.ISAserver.org

Both are static.

Amy
 
Harbor Computer Services
Small Business Computer Specialists
 
Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
 

 
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Monday, December 05, 2005 3:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA denies DHCP request

http://www.ISAserver.org

IPConfig failed to execute; is the external NIC static or
dynamically-assigned?


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Monday, December 05, 2005 11:58
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA denies DHCP request

http://www.ISAserver.org

It is. 

SBS servers are given these default ISA DHCP rules:

SBS LocalHost DHCP Access (DHCP Reply protocol from External to
LocalHost by All Users)

And these System Policy entries:

All DHCP Requests from ISA to All Networks (DHCP request protocol, from
Internal to All Networks by All Users.)

Allow DHCP Replies from DHCP Servers to ISA Server (DHCP reply protocol,
from Internal to Local Host by All Users)


Amy
 
Harbor Computer Services
Small Business Computer Specialists

Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
 

 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Monday, December 05, 2005 2:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA denies DHCP request

http://www.ISAserver.org

Is the DHCP service configured to use only the internal interface?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, December 05, 2005 1:29 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA denies DHCP request
> 
> http://www.ISAserver.org
> 
> Yes, it is.
> 
> Amy
>  
> Harbor Computer Services
> Small Business Computer Specialists
>  
> Client Blog: http://smalltechnotes.blogspot.com/
> Tech Blog: http://isainsbs.blogspot.com/
> Website: http://www.harborcomputerservices.net/
>  
> 
>  
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Monday, December 05, 2005 2:20 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA denies DHCP request
> 
> http://www.ISAserver.org
> 
> Hi Amy,
> 
> Is the DHCP server on the ISA firewall?
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
>  
> 
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Monday, December 05, 2005 1:12 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] ISA denies DHCP request
> > 
> > http://www.ISAserver.org
> > 
> > I got stumped this weekend. A fellow consultant has a SBS
> box with ISA
> > 2004. After the upgrade from ISA 2000 to ISA 2004, ISA denies DHCP 
> > requests because it sees them as coming in on the external NIC.
> > 
> > I checked all of the usual stuff. NICs are configured correctly. 
> > Binding order is correct. Routing table looks normal. DHCP rules
> are correct.
> > Clients are correctly configured. External NIC is connected only to 
> > the ADSL modem, Internal NIC is connected only to a switch with
> the PC's. 
> > 
> > Here's the packets. I can't figure out why ISA thinks these 
> > are external
> > packets.
> > 
> > 192.168.1.16        SBSERVER        UDP     68      0       
> 0     0
> > 0x0         0x0     0x0     Firewall        12/4/2005 9:10  
> 192.168.1.2
> > 67  DHCP (request)  Initiated Connection    SBS Protected Networks
> > Access Rule 192.168.1.16    Internal        Local Host
> > 
> > 0.0.0.0     SBSERVER        UDP     68      0       0       0
> > 0xc004000d FWX_E_POLICY_RULES_DENIED        0x0     0x0     Firewall
> > 12/4/2005 9:10      255.255.255.255 67      DHCP (request)  Denied
> > Connection  Default rule    0.0.0.0 External        Local Host
> > 
> > 0.0.0.0     SBSERVER        UDP     68      0       0       0
> > 0xc004000d FWX_E_POLICY_RULES_DENIED        0x0     0x0     Firewall
> > 12/4/2005 9:10      255.255.255.255 67      DHCP (request)  Denied
> > Connection  Default rule    0.0.0.0 External        Local Host
> > 
> > 0.0.0.0     SBSERVER        UDP     68      0       0       0
> > 0xc004000d FWX_E_POLICY_RULES_DENIED        0x0     0x0     Firewall
> > 12/4/2005 9:10      255.255.255.255 67      DHCP (request)  Denied
> > Connection  Default rule    0.0.0.0 External        Local Host
> > 
> > 
> > This server also has difficulty with VPN clients. They also 
> don't get
> > served IP addresses by the DHCP server. However, even when you
> > statically assign the VPN client an address, access to shares on the
> > server is denied.
> > 
> > Removed and reinstall DHCP. Disabled and reconfigured Routing 
> > and Remote
> > Access. No luck.
> > 
> > 
> > 
> > Amy
> >  
> > Harbor Computer Services
> > Small Business Computer Specialists
> >  
> > Client Blog: http://smalltechnotes.blogspot.com/
> > Tech Blog: http://isainsbs.blogspot.com/
> > Website: http://www.harborcomputerservices.net/


All mail to and from this domain is GFI-scanned.

Other related posts:

• » ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request
• » RE: ISA denies DHCP request

1. Home
2. isalist
3. Archive
4. 12-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---