Is the DHCP service configured to use only the internal interface? Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] > Sent: Monday, December 05, 2005 1:29 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: ISA denies DHCP request > > http://www.ISAserver.org > > Yes, it is. > > Amy > > Harbor Computer Services > Small Business Computer Specialists > > Client Blog: http://smalltechnotes.blogspot.com/ > Tech Blog: http://isainsbs.blogspot.com/ > Website: http://www.harborcomputerservices.net/ > > > > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Monday, December 05, 2005 2:20 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: ISA denies DHCP request > > http://www.ISAserver.org > > Hi Amy, > > Is the DHCP server on the ISA firewall? > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] > > Sent: Monday, December 05, 2005 1:12 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] ISA denies DHCP request > > > > http://www.ISAserver.org > > > > I got stumped this weekend. A fellow consultant has a SBS > box with ISA > > 2004. After the upgrade from ISA 2000 to ISA 2004, ISA denies DHCP > > requests because it sees them as coming in on the external NIC. > > > > I checked all of the usual stuff. NICs are configured > > correctly. Binding > > order is correct. Routing table looks normal. DHCP rules > are correct. > > Clients are correctly configured. External NIC is connected > > only to the > > ADSL modem, Internal NIC is connected only to a switch with > the PC's. > > > > Here's the packets. I can't figure out why ISA thinks these > > are external > > packets. > > > > 192.168.1.16 SBSERVER UDP 68 0 > 0 0 > > 0x0 0x0 0x0 Firewall 12/4/2005 9:10 > 192.168.1.2 > > 67 DHCP (request) Initiated Connection SBS Protected Networks > > Access Rule 192.168.1.16 Internal Local Host > > > > 0.0.0.0 SBSERVER UDP 68 0 0 0 > > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall > > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied > > Connection Default rule 0.0.0.0 External Local Host > > > > 0.0.0.0 SBSERVER UDP 68 0 0 0 > > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall > > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied > > Connection Default rule 0.0.0.0 External Local Host > > > > 0.0.0.0 SBSERVER UDP 68 0 0 0 > > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall > > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied > > Connection Default rule 0.0.0.0 External Local Host > > > > > > This server also has difficulty with VPN clients. They also > don't get > > served IP addresses by the DHCP server. However, even when you > > statically assign the VPN client an address, access to shares on the > > server is denied. > > > > Removed and reinstall DHCP. Disabled and reconfigured Routing > > and Remote > > Access. No luck. > > > > > > > > Amy > > > > Harbor Computer Services > > Small Business Computer Specialists > > > > Client Blog: http://smalltechnotes.blogspot.com/ > > Tech Blog: http://isainsbs.blogspot.com/ > > Website: http://www.harborcomputerservices.net/ > > > > > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >