Re: DHCP Relay on ISA
- From: "Adina Hagege [MSFT]" <adinah@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 24 Nov 2005 10:21:21 +0200
In ISA Server 2004, once the VPN clients are assigned an IP address, they
are considered to belong to the VPN Clients network. So you will need an
access rule allowing the VPN Clients network access to other networks, as
appropriate.
The VPN Roaming Clients and Quarantine Control in ISA Server 2004 Enterprise
Edition paper on the ISA Server Guidance Center
(http://www.microsoft.com/isaserver/techinfo/guidance/2004/vpn.mspx)
discusses this.
HTH,
Adina Hagege
ISA Server Product Team
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
"Phillip Windell" <@.> wrote in message
news:eV9btC77FHA.2616@xxxxxxxxxxxxxxxxxxxxxxx
> "SD" <smd6169@xxxxxxxxxxx> wrote in message
> news:OBxnp567FHA.1032@xxxxxxxxxxxxxxxxxxxxxxx
>> Under the Relay Agent - Do I need to add a Network Connection? If so,
>> LAN
>> or Internal?
>
> No, there is no such thing. If you right-click on the Relay Agent in the
> RRAS Admin the only option are "New Interface..." which does not apply.
>
>> Do I need any Access Rules at all?
>
> Not sure, I have only done it with ISA2000. There are several strange ways
> to do VPN with ISA2004 where the VPN Users are on their own separate
> network
> which would require a Rule. ISA2004 even has two builtin VPN "networks"
> (VPN
> Clients & Quarantined VPN Clients). But I always set it up so the users
> get
> an IP# from the main Internal Network so I don't see how any Rule would
> apply, but like I said, I never have done it with ISA2004.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/ISA2004_AccessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
> http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
>
>
>> "Phillip Windell" <@.> wrote in message
>> news:%23lLk9x67FHA.3876@xxxxxxxxxxxxxxxxxxxxxxx
>> > There are no DHCP Services on ISA, and there should not be.
>> >
>> > The Relay Agent is part of RRAS. You have to add and enable it within
>> > RRAS
>> > Admin.
>> >
>> > After that,..in RRAS Admin, right-click on the Server Name and pick
>> > Properties,...pick the IP Tab,...make sure that the Connection
>> > representing
>> > the ISA Internal Nic is chosen as the Adapter in the drop-down list at
> the
>> > bottom of the dialog box.
>> >
>> > --
>> > Phillip Windell [MCP, MVP, CCNA]
>> > www.wandtv.com
>> > -----------------------------------------------------
>> > Understanding the ISA 2004 Access Rule Processing
>> > http://www.isaserver.org/articles/ISA2004_AccessRules.html
>> >
>> > Microsoft Internet Security & Acceleration Server: Guidance
>> > http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
>> > http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
>> >
>> > Microsoft Internet Security & Acceleration Server: Partners
>> > http://www.microsoft.com/isaserver/partners/default.asp
>> > -----------------------------------------------------
>> >
>> >
>> >
>> > "SD" <smd6169@xxxxxxxxxxx> wrote in message
>> > news:OKXM8727FHA.2616@xxxxxxxxxxxxxxxxxxxxxxx
>> >> ...on a thought, if DHCP Services are not installed on my ISA 2004, do
> I
>> >> need the Relay Agent on the ISA box to forward DHCP Requests from my
> VPN
>> >> Clients to the Internal DHCP server?
>> >>
>> >>
>> >> "SD" <smd6169@xxxxxxxxxxx> wrote in message
>> >> news:%23oepd227FHA.252@xxxxxxxxxxxxxxxxxxxxxxx
>> >> > Having read the TechNET article "Configuring the DHCP Relay Agent on
>> >> > ISA
>> >> > Server 2004", I am still unable to get this to work properly. Has
>> > anyone
>> >> > been able to install the DHCP relay agent on an ISA 2004 box and
>> >> > successfuly assign INTERNAL ip's to your VPN users? If so, can you
>> > please
>> >> > share all the settings you had to configure? My ISA Server IS NOT a
>> > DHCP
>> >> > Server.....
>> >> >
>> >> > I confirmed that my SYSTEM POLICY DHCP setting is enabled and as per
>> >> > the
>> >> > above article I did set-up 3 Access Rules as followes:
>> >> >
>> >> > 1. DHCPRequest [INTERNAL to Local Host]
>> >> > 2. DHCPReply [Local Host to INTERNAL]
>> >> > 3. DHCPRelayAgent [Local Host to DHCP Server]
>> >> >
>> >> > SD
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>
.
- References:
- DHCP Relay on ISA
- From: SD
- Re: DHCP Relay on ISA
- From: SD
- Re: DHCP Relay on ISA
- From: SD
- DHCP Relay on ISA
- Prev by Date: Re: ISA - Domain Member
- Next by Date: Re: ISA - Domain Member
- Previous by thread: Re: DHCP Relay on ISA
- Next by thread: ISA 2004 - CRASHES OFTEN
- Index(es):
Relevant Pages
|
