Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

auto discoery via DHCP over dhcp relay on ISA

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> auto discoery via DHCP over dhcp relay on ISA Page: [1]
Login
Message << Older Topic   Newer Topic >>
auto discoery via DHCP over dhcp relay on ISA - 16.May2008 1:00:29 PM   
Tom Decaluwe

 

Posts: 135
Joined: 23.Jul.2003
Status: offline 		Hi all,

I'm having trouble getting dhcp based auto discovery to work on my network. I have followed the steps in the ISA 2004 book but i think there is an issue with my setup.

What i have:

<DHCP server> --------[ (1) ISA (2) ]---------<client>

The client does his DHCP inform as i can sniff the packets on the client side and the ISA (2) Interface.

However i see no packets going in or out of the ISA (1) interface for DHCP.

I know the DHCP relay agent in installed correct on the ISA system as getting an IP address is not a problem.

I have read the MS kb http://technet.microsoft.com/nl-be/library/cc302643(en-us).aspx#DHCPWPADIssues but this does not seem to help.

Does anyone know how to solve this and is there a sollution?

I don't want to use DNS as I have more networks and ISA's on my LAN and WAN and i want to make ISA discovery SUBNET linked.

many thanks,



_____________________________

Tom Decaluwé
MCSE 2000/2003 - CCNA
http://www.it-talks.be
Post #: 1
RE: auto discoery via DHCP over dhcp relay on ISA - 18.May2008 8:29:35 PM   
lzd212

 

Posts: 31
Joined: 15.Jul.2004
Status: offline 		Hi, what version of Windows Server where ISA 2004 installed? If you felt already configured it correctly then try to update your system (OS and ISA) using the latest service pack and patches.I've setup many ISA Server and have no problems with WPAD when following Dr. Tom Shinder guides:
http://www.isaserver.org/tutorials/Configuring-WPAD-Support-ISA-Firewall-Web-Proxy-Firewall-Clients.html

Make sure if you've add your DHCP Server IP Address in ISA Server System Policy as well.

Hopes this help...

Cheers,

Acung

< Message edited by lzd212 -- 18.May2008 8:35:03 PM >

(in reply to Tom Decaluwe)
Post #: 2
RE: auto discoery via DHCP over dhcp relay on ISA - 19.May2008 3:19:44 AM   
Tom Decaluwe

 

Posts: 135
Joined: 23.Jul.2003
Status: offline 		I'm running ISA 2006 fully patched on a windows 2003 SP2 fully patched system. The steps i followed came from the 2004 book as they are identical for 2006 ad match the steps outlined in the link you posted.

The DHCP auto discovery works when the clients attach to the network where the DHCP server resides. My issue is that clients that are on another subnet that get there ip's from the same DHCP server but through the DHCP relay agent installed on the ISA are failing. These clients get there base IP but never get the configureation info.

By sniffing the network I can see the ISA recieves the DHCP info requests but never forwards it on to the the backend DHCP server.

Anybody any idea?

Tom

_____________________________

Tom Decaluwé
MCSE 2000/2003 - CCNA
http://www.it-talks.be

(in reply to lzd212)
Post #: 3
RE: auto discoery via DHCP over dhcp relay on ISA - 19.May2008 9:35:27 PM   
lzd212

 

Posts: 31
Joined: 15.Jul.2004
Status: offline 		Hi Tom, if you've multiple subnets behind ISA Server then you must configure ISA using Network behind Network scenario http://www.isaserver.org/tutorials/Advanced-ISA-Firewall-Configuration-Network-Behind-Network-Scenarios.html  ,have you? It's not outline DHCP traffic specifically but I've experienced another issue with the same configuration few times ago and resolved when I configured ISA policy using "Subnet" as recomnmended and not  using ISA "Internal" network.
Found this link also regarding automatic discovery issues http://technet.microsoft.com/en-us/library/cc302643.aspx
Hopes this help.

Cheers,

Acung

(in reply to Tom Decaluwe)
Post #: 4
RE: auto discoery via DHCP over dhcp relay on ISA - 20.May2008 3:46:54 AM   
Tom Decaluwe

 

Posts: 135
Joined: 23.Jul.2003
Status: offline 		Hi Acung ,

At the moment the network hosting the DHCP server is sitting on the Internal network of the ISA, i'll try and test the setup by moving that subnet to a seporate interface / subnet network rule and see what happens but seeing as the normal ip DHCP stuff forwards fine and only the DHCPinform messages disapear in thin air i'm guessing it will not make a big difference but it's better than doing nothing ;-)

Regarding the other link I had already read the info and the issue i'm having is 99% the same as state here execpt ofcourse my clients are not VPN clients but users sitting on a different ip network off the isa server

"VPN Clients Cannot Retrieve Configuration Information When the DHCP Relay Agent Is Running on the ISA Server Computer " => my clients are not VPN clients"

Problem:

A WPAD entry in DHCP cannot be retrieved by virtual private network (VPN) clients.


Cause:

This can occur when all the following conditions are true:
  • The DHCP client and the DHCP server belong to different subnets. "=> yes this is the case"

  • The DHCP relay agent is configured on a computer running Windows Server® 2003. "=> yes this is the case"

  • ISA Server 2004 and the DHCP relay agent are installed on the same computer. "=> yes this is the case"

  • VPN client support is not enabled in ISA Server. "=> my clients are not vpn client, i'm not using vpn but i did enable this just to see if it would help"

This behavior occurs because ISA Server controls the Routing and Remote Access service, which is not started if VPN client access is not enabled.


Solution:
To resolve this behavior, do any of the following:
  • Use a DHCP relay agent on the default gateway for the subnet, or on a computer not running ISA Server. Then remove the DHCP relay agent from the computer running ISA Server. "=> can't do that as ISA is my default gateway and only server on that network, all the rest are client pc's"

  • If you must run the DHCP relay agent and ISA Server on the same computer, enable the Enable VPN Client Access option in ISA Server Management to ensure that the Routing and Remote Access service is running. For more information, see the Microsoft Knowledge Base article 911072, "The DHCP clients may not obtain the configuration script when you use DHCP Option 252 to automatically configure Internet Explorer." "=> enabled vpn client,but did not help"

Just for the record, here is a dump of the DHCP relay agent settings on my ISA server, i set them up to match the MS example in the article:

# ----------------------------------
# DHCP Relay Agent configuration    
# ----------------------------------
pushd routing ip relay
uninstall
install
set global loglevel=ERROR
add dhcpserver server=192.168.6.200
add dhcpserver server=192.168.6.209

#
#DHCP Relay Agent configuration for interface "Guests 192_168_4_254"
#
add interface name="Guests 192_168_4_254"
set interface name="Guests 192_168_4_254" relaymode=enable maxhop=16 minsecs=0
 
popd
# End of DHCP Relay configuration


Tom




< Message edited by Tom Decaluwe -- 20.May2008 3:59:27 AM >

_____________________________

Tom Decaluwé
MCSE 2000/2003 - CCNA
http://www.it-talks.be

(in reply to lzd212)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> auto discoery via DHCP over dhcp relay on ISA Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts