RE: ISA denies DHCP request
- From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 5 Dec 2005 15:12:34 -0500
Both are static.
Amy
Harbor Computer Services
Small Business Computer Specialists
Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Monday, December 05, 2005 3:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA denies DHCP request
http://www.ISAserver.org
IPConfig failed to execute; is the external NIC static or
dynamically-assigned?
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Monday, December 05, 2005 11:58
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA denies DHCP request
http://www.ISAserver.org
It is.
SBS servers are given these default ISA DHCP rules:
SBS LocalHost DHCP Access (DHCP Reply protocol from External to
LocalHost by All Users)
And these System Policy entries:
All DHCP Requests from ISA to All Networks (DHCP request protocol, from
Internal to All Networks by All Users.)
Allow DHCP Replies from DHCP Servers to ISA Server (DHCP reply protocol,
from Internal to Local Host by All Users)
Amy
Harbor Computer Services
Small Business Computer Specialists
Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Monday, December 05, 2005 2:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA denies DHCP request
http://www.ISAserver.org
Is the DHCP service configured to use only the internal interface?
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message-----
> From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, December 05, 2005 1:29 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA denies DHCP request
>
> http://www.ISAserver.org
>
> Yes, it is.
>
> Amy
>
> Harbor Computer Services
> Small Business Computer Specialists
>
> Client Blog: http://smalltechnotes.blogspot.com/
> Tech Blog: http://isainsbs.blogspot.com/
> Website: http://www.harborcomputerservices.net/
>
>
>
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Monday, December 05, 2005 2:20 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA denies DHCP request
>
> http://www.ISAserver.org
>
> Hi Amy,
>
> Is the DHCP server on the ISA firewall?
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Monday, December 05, 2005 1:12 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] ISA denies DHCP request
> >
> > http://www.ISAserver.org
> >
> > I got stumped this weekend. A fellow consultant has a SBS
> box with ISA
> > 2004. After the upgrade from ISA 2000 to ISA 2004, ISA denies DHCP
> > requests because it sees them as coming in on the external NIC.
> >
> > I checked all of the usual stuff. NICs are configured correctly.
> > Binding order is correct. Routing table looks normal. DHCP rules
> are correct.
> > Clients are correctly configured. External NIC is connected only to
> > the ADSL modem, Internal NIC is connected only to a switch with
> the PC's.
> >
> > Here's the packets. I can't figure out why ISA thinks these
> > are external
> > packets.
> >
> > 192.168.1.16 SBSERVER UDP 68 0
> 0 0
> > 0x0 0x0 0x0 Firewall 12/4/2005 9:10
> 192.168.1.2
> > 67 DHCP (request) Initiated Connection SBS Protected Networks
> > Access Rule 192.168.1.16 Internal Local Host
> >
> > 0.0.0.0 SBSERVER UDP 68 0 0 0
> > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall
> > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied
> > Connection Default rule 0.0.0.0 External Local Host
> >
> > 0.0.0.0 SBSERVER UDP 68 0 0 0
> > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall
> > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied
> > Connection Default rule 0.0.0.0 External Local Host
> >
> > 0.0.0.0 SBSERVER UDP 68 0 0 0
> > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall
> > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied
> > Connection Default rule 0.0.0.0 External Local Host
> >
> >
> > This server also has difficulty with VPN clients. They also
> don't get
> > served IP addresses by the DHCP server. However, even when you
> > statically assign the VPN client an address, access to shares on the
> > server is denied.
> >
> > Removed and reinstall DHCP. Disabled and reconfigured Routing
> > and Remote
> > Access. No luck.
> >
> >
> >
> > Amy
> >
> > Harbor Computer Services
> > Small Business Computer Specialists
> >
> > Client Blog: http://smalltechnotes.blogspot.com/
> > Tech Blog: http://isainsbs.blogspot.com/
> > Website: http://www.harborcomputerservices.net/
> >
> >
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
