[isalist] DHCP VPN Questions

  • From: Steven Comeau <scomeau@xxxxxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Mar 2009 09:57:10 -0500

I have ISA 2006 (on Server 2003, SP2, non-AD Domain) and have a DHCP server 
(internal) running to one of the NICs that I have for a Private network.  To 
avoid the DHCP server from going offline - due to a request to be Authenticated 
when it senses an AD Domain on one of the other Private space NICs that does 
have a Active Directory (AD) Domain, in the System Policy Editor, I have 
disabled the DHCP Configuration group and placed a rule to allow the DHCP 
(Local Host) to receive/send DHCP requests/replies to the non-AD NIC.

However, in doing that, whenever someone VPNS in, using the ISA server, I 
cannot get an IP address from the DHCP server on the AD NIC side (which is 
where I want to route VPN connections) - I get a 169 address.  To get the VPN 
clients to receive an IP address on the AD side, should I create a rule to/from 
the VPN Clients to/from the AD side (request/reply) or to/from Local Host 
to/from the AD side.  Again, I want to be able to use the DHCP server on the 
ISA server ONLY (Local Host) for the one Private network (the non-AD one) 
without it contacting the side with the AD Domain because it will shut off the 
DHCP server due to it being in an AD Domain but not Authenticated.


Steve Comeau
Associate Director of IT
Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-4623 (fax)


***  This message contains confidential information and is
intended only for the individual named. If you are not the
named addressee, you should not disseminate, distribute or
copy this e-mail. Please notify the sender immediately by
e-mail if you have received this e-mail by mistake and delete
this e-mail from your system. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be 
intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses.  The sender therefore does not
accept liability for any errors or omissions in the contents of
this message, which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
Rutgers University - DIA
83 Rockafeller Road
Piscataway, NJ 08854
www.scarletknights.com *** 

JPEG image

Other related posts: