It's SBS, therefore - yes. That's why I'm interested in the ISAInfo - we'll get the DHCP server settings. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Monday, December 05, 2005 11:20 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA denies DHCP request http://www.ISAserver.org Hi Amy, Is the DHCP server on the ISA firewall? Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] > Sent: Monday, December 05, 2005 1:12 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] ISA denies DHCP request > > http://www.ISAserver.org > > I got stumped this weekend. A fellow consultant has a SBS box with ISA > 2004. After the upgrade from ISA 2000 to ISA 2004, ISA denies DHCP > requests because it sees them as coming in on the external NIC. > > I checked all of the usual stuff. NICs are configured correctly. > Binding order is correct. Routing table looks normal. DHCP rules are > correct. > Clients are correctly configured. External NIC is connected only to > the ADSL modem, Internal NIC is connected only to a switch with the > PC's. > > Here's the packets. I can't figure out why ISA thinks these are > external packets. > > 192.168.1.16 SBSERVER UDP 68 0 0 0 > 0x0 0x0 0x0 Firewall 12/4/2005 9:10 192.168.1.2 > 67 DHCP (request) Initiated Connection SBS Protected Networks > Access Rule 192.168.1.16 Internal Local Host > > 0.0.0.0 SBSERVER UDP 68 0 0 0 > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied > Connection Default rule 0.0.0.0 External Local Host > > 0.0.0.0 SBSERVER UDP 68 0 0 0 > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied > Connection Default rule 0.0.0.0 External Local Host > > 0.0.0.0 SBSERVER UDP 68 0 0 0 > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied > Connection Default rule 0.0.0.0 External Local Host > > > This server also has difficulty with VPN clients. They also don't get > served IP addresses by the DHCP server. However, even when you > statically assign the VPN client an address, access to shares on the > server is denied. > > Removed and reinstall DHCP. Disabled and reconfigured Routing and > Remote Access. No luck. > > > > Amy > > Harbor Computer Services > Small Business Computer Specialists > > Client Blog: http://smalltechnotes.blogspot.com/ > Tech Blog: http://isainsbs.blogspot.com/ > Website: http://www.harborcomputerservices.net/ > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.