Re: DHCP Inside / Outside



Thanks for the reply, Herb. I do not have a DHCP relay installed in the ISA
config. I do have Routing and Remote Access enabled and a VPN client can get
an IP address in the 10.0.x.x range. Could this be allowing ISA to broadcast
DHCP requests back to the external interface? I have a friend who feels like
it could, so during the night I will try shutting down R&RA to see if an
internal client can still get an external address. I can't find anything else
on the ISA server that could be broadcasting bridged DHCP requests.
--
Scott Ford
Information Services
Starlite Entertainment


"Herb Martin" wrote:

"Scott Ford" <removethis.scott@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EB7BE3A1-7035-4DA3-93F8-6C7934D7397D@xxxxxxxxxxxxxxxx
I have a Windows 2K ISA server as a gateway. It's set up standard with an
inside and an outside NIC. Inside is on 10.0.x.x range. Outside NIC IP range
is 192.168.1.x. I want to put a wireless access point on the outside range
and have my router serving DHCP to 192.168.1.x ... I would like this to NOT
interfere with the DHCP server I have on the inside range that is serving
DHCP to 10.0.x.x ... I have tried this a couple times, but always find
clients on the inside still receive IP addresses in the 192 range.

That should never happen in DHCP (it could be some weird
issue with ISA but I doubt it; you can ask about that on the ISA
newsgroup.)

A DHCP server should ONLY hand out IP addresses for the
scope(s) which match its NICs (if directly connected to the
requesting clients) AND to the scopes which match remote
subnets if forwarded by a DHCP relay or Bootp forwarder.

There is no reason a basic DHCP server would ever hand
out 192.x scope addresses on its 10.net NIC or vice versa.


I have tried blocking UDP ports 67 and 68 at the ISA server, but it isn't
stopping the problem. What's the best solution for this?

Make sure the ISA is not acting as a DHCP relay or
BootP forwarder but it should NOT be doing that
as a DHCP server cannot also be a forwarder (in the
docs that I have read, but of course I have never
tried it since it makes no sense.)

Does ISA think that 192.168 machines are INTERNAL or
EXTERNAL? (As described it sounds like they should
NOT be internally defined.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

--
Scott Ford
Information Services
Starlite Entertainment
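
Added example, not part of either poster's message: a Python sketch of the scope-selection rule described in the quoted reply (a server answers from the scope matching its receiving NIC, or from the scope matching the relay address when a relay forwarded the request). The /16 and /24 masks, the 10.0.0.1 and 192.168.1.1 addresses, and all function names are assumptions; the packet is constructed sample data.

```python
import ipaddress
import struct

# Assumed scopes for the thread's two ranges (the masks are assumptions).
SCOPES = {
    "inside": ipaddress.ip_network("10.0.0.0/16"),
    "outside": ipaddress.ip_network("192.168.1.0/24"),
}

# BOOTP fixed header up to giaddr:
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr
HEADER = "!4BIHH4s4s4s4s"


def giaddr_of(packet: bytes) -> ipaddress.IPv4Address:
    """Return the relay agent address (giaddr) from a BOOTP/DHCP header."""
    if len(packet) < struct.calcsize(HEADER):
        raise ValueError("too short for a BOOTP header")
    fields = struct.unpack(HEADER, packet[:struct.calcsize(HEADER)])
    return ipaddress.IPv4Address(fields[-1])


def select_scope(packet: bytes, recv_ip: str, scopes: dict):
    """Pick the scope a server would answer from, or None to stay silent."""
    giaddr = giaddr_of(packet)
    # Relayed request: the relay's address identifies the client's subnet.
    # Direct broadcast (giaddr 0.0.0.0): the receiving NIC's address does.
    key = giaddr if int(giaddr) != 0 else ipaddress.ip_address(recv_ip)
    for name, net in scopes.items():
        if key in net:
            return name
    return None


def discover(giaddr: str = "0.0.0.0") -> bytes:
    """Constructed BOOTREQUEST header (sample data, not a capture)."""
    zero = bytes(4)
    hops = 0 if giaddr == "0.0.0.0" else 1
    return struct.pack(HEADER, 1, 1, 6, hops, 0x1234ABCD, 0, 0x8000,
                       zero, zero, zero, ipaddress.IPv4Address(giaddr).packed)


if __name__ == "__main__":
    inside_only = {"inside": SCOPES["inside"]}
    print(select_scope(discover(), "10.0.0.1", inside_only))
    print(select_scope(discover("192.168.1.1"), "10.0.0.1", inside_only))
```

With only the inside scope defined, a directly attached client is answered from the 10.0 scope, and a request carrying a 192.168.1.x relay address gets no answer from that server.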


