RE: ISA denies DHCP request

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 5 Dec 2005 11:36:32 -0800

Both, of course. 
Simultaneous, too.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Monday, December 05, 2005 11:30
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA denies DHCP request

http://www.ISAserver.org

I've got an ISA info and a complete log. I'll send them over. No capture 
though. Should I capture from the PC end or the server end or both?

Amy
 
Harbor Computer Services
Small Business Computer Specialists

Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
 

 

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Monday, December 05, 2005 2:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA denies DHCP request


Got ISAInfo? 
How about captures?

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Monday, December 05, 2005 11:12
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA denies DHCP request


I got stumped this weekend. A fellow consultant has an SBS box with ISA 2004. 
After the upgrade from ISA 2000 to ISA 2004, ISA denies DHCP requests because 
it sees them as coming in on the external NIC. 

I checked all of the usual stuff. NICs are configured correctly. Binding order 
is correct. Routing table looks normal. DHCP rules are correct.
Clients are correctly configured. External NIC is connected only to the ADSL 
modem, Internal NIC is connected only to a switch with the PCs. 

Here are the packets. I can't figure out why ISA thinks these are external 
packets.

192.168.1.16    SBSERVER        UDP     68      0       0       0
0x0     0x0     0x0     Firewall        12/4/2005 9:10  192.168.1.2
67      DHCP (request)  Initiated Connection    SBS Protected Networks
Access Rule     192.168.1.16    Internal        Local Host

0.0.0.0 SBSERVER        UDP     68      0       0       0
0xc004000d FWX_E_POLICY_RULES_DENIED    0x0     0x0     Firewall
12/4/2005 9:10  255.255.255.255 67      DHCP (request)  Denied
Connection      Default rule    0.0.0.0 External        Local Host

0.0.0.0 SBSERVER        UDP     68      0       0       0
0xc004000d FWX_E_POLICY_RULES_DENIED    0x0     0x0     Firewall
12/4/2005 9:10  255.255.255.255 67      DHCP (request)  Denied
Connection      Default rule    0.0.0.0 External        Local Host

0.0.0.0 SBSERVER        UDP     68      0       0       0
0xc004000d FWX_E_POLICY_RULES_DENIED    0x0     0x0     Firewall
12/4/2005 9:10  255.255.255.255 67      DHCP (request)  Denied
Connection      Default rule    0.0.0.0 External        Local Host


This server also has difficulty with VPN clients. They also don't get served IP 
addresses by the DHCP server. However, even when you statically assign the VPN 
client an address, access to shares on the server is denied.

Removed and reinstalled DHCP. Disabled and reconfigured Routing and Remote 
Access. No luck.



Amy
 
Harbor Computer Services
Small Business Computer Specialists
 
Client Blog: http://smalltechnotes.blogspot.com/
Tech Blog: http://isainsbs.blogspot.com/
Website: http://www.harborcomputerservices.net/
 

 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

