The client VPN connection works fine, but as soon as the client sends the DHCPInform DHCP request, ISA denies the connection even though there are explicit rules to allow it.
Any ideas on what's really going on here?
Thanks!
Bill
[ January 05, 2005, 12:23 AM: Message edited by: Bill Stewart ]
< Message edited by AbqBill -- 12.Dec.2007 1:55:04 PM >
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi Tom,
I created a network object called DHCP Server (like in your rule #2) and set it equal to the IP address of the internal interface of the ISA Server (which happens to also be the DHCP server in this case). I applied the policies, but this didn't change anything.
Hi Tom,
I updated my firewall rules to exactly match your rule #2 (with the exception that my destination includes the Quarantined VPN Clients Network object):
Hi Tom,
Try running the DHCP service on the ISA Server itself and see if you can get it to work. I foresee this as a common configuration (lots of PIX firewalls I've seen run DHCP on the inside interface), and it'd be great if we could replicate this on the ISA firewall.
Never thought of that one! I'll give it a try tomorrow and see what happens. Seems sort of 'off label' to me, since you can install DHCP on any Windows server on the network.
Not sure what I would do different, or if it could even work. Does it work without the ISA firewall software installed?
BTW -- what DHCP options do you want to assign VPN clients?
quote:Never thought of that one! I'll give it a try tomorrow and see what happens. Seems sort of 'off label' to me, since you can install DHCP on any Windows server on the network.
Hi Tom,
Yes, you can run DHCP on another server, but I'm envisioning the ISA Server "appliance" scenario where it's the only "server" on a branch office network (not a file or print server, just a firewall). In that case, running the DHCP service on it would practically be a no-brainer.
quote:Does it work without the ISA firewall software installed?
Unfortunately I have not been able to test this scenario because this is my production server. Do you have any pointers on doing this with VMWare?
quote:BTW -- what DHCP options do you want to assign VPN clients?
I'll first test without the ISA firewall software installed to see if it's even possible. And if I get it to work, then I'll install ISA and see if it breaks it. These all seem like local host connections, but if things made sense, we'd never have to do experiments.
Let you know sometime this weekend. I need to finish Chapter 4 tonight or Debi is going to whip me with a cat o' nine tails.