RE: ISA denies DHCP request
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 5 Dec 2005 13:44:49 -0600
Is the DHCP service configured to use only the internal interface?
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message-----
> From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, December 05, 2005 1:29 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA denies DHCP request
>
> http://www.ISAserver.org
>
> Yes, it is.
>
> Amy
>
> Harbor Computer Services
> Small Business Computer Specialists
>
> Client Blog: http://smalltechnotes.blogspot.com/
> Tech Blog: http://isainsbs.blogspot.com/
> Website: http://www.harborcomputerservices.net/
>
>
>
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Monday, December 05, 2005 2:20 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA denies DHCP request
>
> http://www.ISAserver.org
>
> Hi Amy,
>
> Is the DHCP server on the ISA firewall?
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Monday, December 05, 2005 1:12 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] ISA denies DHCP request
> >
> > http://www.ISAserver.org
> >
> > I got stumped this weekend. A fellow consultant has a SBS
> box with ISA
> > 2004. After the upgrade from ISA 2000 to ISA 2004, ISA denies DHCP
> > requests because it sees them as coming in on the external NIC.
> >
> > I checked all of the usual stuff. NICs are configured
> > correctly. Binding
> > order is correct. Routing table looks normal. DHCP rules
> are correct.
> > Clients are correctly configured. External NIC is connected
> > only to the
> > ADSL modem, Internal NIC is connected only to a switch with
> the PC's.
> >
> > Here's the packets. I can't figure out why ISA thinks these
> > are external
> > packets.
> >
> > 192.168.1.16 SBSERVER UDP 68 0
> 0 0
> > 0x0 0x0 0x0 Firewall 12/4/2005 9:10
> 192.168.1.2
> > 67 DHCP (request) Initiated Connection SBS Protected Networks
> > Access Rule 192.168.1.16 Internal Local Host
> >
> > 0.0.0.0 SBSERVER UDP 68 0 0 0
> > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall
> > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied
> > Connection Default rule 0.0.0.0 External Local Host
> >
> > 0.0.0.0 SBSERVER UDP 68 0 0 0
> > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall
> > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied
> > Connection Default rule 0.0.0.0 External Local Host
> >
> > 0.0.0.0 SBSERVER UDP 68 0 0 0
> > 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 0x0 Firewall
> > 12/4/2005 9:10 255.255.255.255 67 DHCP (request) Denied
> > Connection Default rule 0.0.0.0 External Local Host
> >
> >
> > This server also has difficulty with VPN clients. They also
> don't get
> > served IP addresses by the DHCP server. However, even when you
> > statically assign the VPN client an address, access to shares on the
> > server is denied.
> >
> > Removed and reinstall DHCP. Disabled and reconfigured Routing
> > and Remote
> > Access. No luck.
> >
> >
> >
> > Amy
> >
> > Harbor Computer Services
> > Small Business Computer Specialists
> >
> > Client Blog: http://smalltechnotes.blogspot.com/
> > Tech Blog: http://isainsbs.blogspot.com/
> > Website: http://www.harborcomputerservices.net/
> >
> >
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
Other related posts:
