After changing over to a static pool, all looks good. And I also think the bug is a bit different that I first thought. If you try to add a static pool in the internal range, you will get an error. And I see the reason why. The VPN clients is supposed to be on a different network, to be able to seperate them from the internal and limit the traffic. I made a static pool of addresses outside the internal range, all works as it should. So from the error message MS shows on the static pool, I think they also need a message telling about the "error" when you choose a interface that is in the internal range
When you use DHCP to assign IP addresses to VPN clients, the TMG firewall assigns wpad clients a random assortment of addresses to connect to the firewall to obtain autodiscovery information?
When you use static IP addresses, the internal IP address of the firewall is always used to point to the autodisocvery listener?
I have VPN clients (SSTP) WPAD used and according to network trace the clients require the wpad form the IP of the RAS interface insteads of the internal interace. It is working fine for vpn clients but not for internal servers in the internal network.
The clients have the same range as the internal network and get their IPs from the internal DHCP.
Hello Everybody, I have got the same problem. With ISA 2006 no problems, but today I upgraded to ISA 2010 TMG and now the auto discover for my internal clients does not work anymore. The wpad scipt that the TMG server provides to my clients contains the last assigned RAS address from my DHCP server in the "New Node" value. So the client does connect to the ISA's ras adress pool instead of the ISA internal LAN ip-address.