I've got an ISA info and a complete log. I'll send them over. No capture though. Should I capture from the PC end or the server end or both? Amy Harbor Computer Services Small Business Computer Specialists Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/ -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Monday, December 05, 2005 2:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA denies DHCP request http://www.ISAserver.org Got ISAInfo? How about captures? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, December 05, 2005 11:12 To: [ISAserver.org Discussion List] Subject: [isalist] ISA denies DHCP request http://www.ISAserver.org I got stumped this weekend. A fellow consultant has a SBS box with ISA 2004. After the upgrade from ISA 2000 to ISA 2004, ISA denies DHCP requests because it sees them as coming in on the external NIC. I checked all of the usual stuff. NICs are configured correctly. Binding order is correct. Routing table looks normal. DHCP rules are correct. Clients are correctly configured. External NIC is connected only to the ADSL modem, Internal NIC is connected only to a switch with the PC's. Here's the packets. I can't figure out why ISA thinks these are external packets. 192.168.1.16 SBSERVER UDP 68 0 0 0 0x0 0x0 0x0 Firewall 12/4/2005 9:10 192.168.1.2 67 DHCP (request) Initiated Connection SBS Protected Networks Access Rule 192.168.1.16 Internal Local Host 0.0.0.0 SBSERVER UDP 68 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied Connection Default rule 0.0.0.0 External Local Host 0.0.0.0 SBSERVER UDP 68 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied Connection Default rule 0.0.0.0 External Local Host 0.0.0.0 SBSERVER UDP 68 0 0 0 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied Connection Default rule 0.0.0.0 External Local Host This server also has difficulty with VPN clients. They also don't get served IP addresses by the DHCP server. However, even when you statically assign the VPN client an address, access to shares on the server is denied. Removed and reinstall DHCP. Disabled and reconfigured Routing and Remote Access. No luck. Amy Harbor Computer Services Small Business Computer Specialists Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx