RE: ISA denies DHCP request

  • From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 5 Dec 2005 14:30:24 -0500

I've got an ISA info and a complete log. I'll send them over. No capture
though. Should I capture from the PC end or the server end or both?

Amy
 
Harbor Computer Services
Small Business Computer Specialists

Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
 

 

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Monday, December 05, 2005 2:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA denies DHCP request

http://www.ISAserver.org

Got ISAInfo? 
How about captures?

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Monday, December 05, 2005 11:12
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA denies DHCP request

http://www.ISAserver.org

I got stumped this weekend. A fellow consultant has a SBS box with ISA
2004. After the upgrade from ISA 2000 to ISA 2004, ISA denies DHCP
requests because it sees them as coming in on the external NIC. 

I checked all of the usual stuff. NICs are configured correctly. Binding
order is correct. Routing table looks normal. DHCP rules are correct.
Clients are correctly configured. External NIC is connected only to the
ADSL modem, Internal NIC is connected only to a switch with the PC's. 

Here's the packets. I can't figure out why ISA thinks these are external
packets.

192.168.1.16    SBSERVER        UDP     68      0       0       0
0x0     0x0     0x0     Firewall        12/4/2005 9:10  192.168.1.2
67      DHCP (request)  Initiated Connection    SBS Protected Networks
Access Rule     192.168.1.16    Internal        Local Host

0.0.0.0 SBSERVER        UDP     68      0       0       0
0xc004000d FWX_E_POLICY_RULES_DENIED    0x0     0x0     Firewall
12/4/2005 9:10  255.255.255.255 67      DHCP (request)  Denied
Connection      Default rule    0.0.0.0 External        Local Host

0.0.0.0 SBSERVER        UDP     68      0       0       0
0xc004000d FWX_E_POLICY_RULES_DENIED    0x0     0x0     Firewall
12/4/2005 9:10  255.255.255.255 67      DHCP (request)  Denied
Connection      Default rule    0.0.0.0 External        Local Host

0.0.0.0 SBSERVER        UDP     68      0       0       0
0xc004000d FWX_E_POLICY_RULES_DENIED    0x0     0x0     Firewall
12/4/2005 9:10  255.255.255.255 67      DHCP (request)  Denied
Connection      Default rule    0.0.0.0 External        Local Host


This server also has difficulty with VPN clients. They also don't get
served IP addresses by the DHCP server. However, even when you
statically assign the VPN client an address, access to shares on the
server is denied.

Removed and reinstall DHCP. Disabled and reconfigured Routing and Remote
Access. No luck.



Amy
 
Harbor Computer Services
Small Business Computer Specialists
 
Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
 

 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 12-2005