RE: ISA denies DHCP request

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 5 Dec 2005 11:34:13 -0800

It's SBS, therefore - yes. 
That's why I'm interested in the ISAInfo - we'll get the DHCP server settings.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Monday, December 05, 2005 11:20
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA denies DHCP request

http://www.ISAserver.org

Hi Amy,

Is the DHCP server on the ISA firewall?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, December 05, 2005 1:12 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] ISA denies DHCP request
> 
> http://www.ISAserver.org
> 
> I got stumped this weekend. A fellow consultant has a SBS box with ISA 
> 2004. After the upgrade from ISA 2000 to ISA 2004, ISA denies DHCP 
> requests because it sees them as coming in on the external NIC.
> 
> I checked all of the usual stuff. NICs are configured correctly. 
> Binding order is correct. Routing table looks normal. DHCP rules are 
> correct.
> Clients are correctly configured. External NIC is connected only to 
> the ADSL modem, Internal NIC is connected only to a switch with the 
> PC's.
> 
> Here's the packets. I can't figure out why ISA thinks these are 
> external packets.
> 
> 192.168.1.16  SBSERVER        UDP     68      0       0       0
> 0x0   0x0     0x0     Firewall        12/4/2005 9:10  192.168.1.2
> 67    DHCP (request)  Initiated Connection    SBS Protected Networks
> Access Rule   192.168.1.16    Internal        Local Host
> 
> 0.0.0.0       SBSERVER        UDP     68      0       0       0
> 0xc004000d FWX_E_POLICY_RULES_DENIED  0x0     0x0     Firewall
> 12/4/2005 9:10        255.255.255.255 67      DHCP (request)  Denied
> Connection    Default rule    0.0.0.0 External        Local Host
> 
> 0.0.0.0       SBSERVER        UDP     68      0       0       0
> 0xc004000d FWX_E_POLICY_RULES_DENIED  0x0     0x0     Firewall
> 12/4/2005 9:10        255.255.255.255 67      DHCP (request)  Denied
> Connection    Default rule    0.0.0.0 External        Local Host
> 
> 0.0.0.0       SBSERVER        UDP     68      0       0       0
> 0xc004000d FWX_E_POLICY_RULES_DENIED  0x0     0x0     Firewall
> 12/4/2005 9:10        255.255.255.255 67      DHCP (request)  Denied
> Connection    Default rule    0.0.0.0 External        Local Host
> 
> 
> This server also has difficulty with VPN clients. They also don't get 
> served IP addresses by the DHCP server. However, even when you 
> statically assign the VPN client an address, access to shares on the 
> server is denied.
> 
> Removed and reinstall DHCP. Disabled and reconfigured Routing and 
> Remote Access. No luck.
> 
> 
> 
> Amy
>  
> Harbor Computer Services
> Small Business Computer Specialists
>  
> Client Blog: http://smalltechnotes.blogspot.com/
> Tech Blog: http://isainsbs.blogspot.com/
> Website: http://www.harborcomputerservices.net/
>  
> 
>  
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx To unsubscribe visit 
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 12-2005