Windows·65,583 discussions

dhcp on wan nic on ISA 2000

Locked

I am receiving the underneath message in the eventviewer.
Things seems to keep working, but it bugging me.

info
the lan nic has a fix ip, the wan nic has dhcp configured.

I noticed if I install dhcp server on the server it wants to default to the wan nic. ??

Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00105A857406. The following error occured:
The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Leopold

Topic

Reply To: dhcp on wan nic on ISA 2000

In reply to dhcp on wan nic on ISA 2000

ah ok, lemme get this straight. You have a box with 2 nics. that box has windows server [2000 or 2003 flavor] and you’ve installed ISA server on it. One NIC has a static and one nic has IP assigned by DHCP??. Further, you are trying to install DHCP on the box with ISA server?

First is both nics need static IP addresses for ISA server 2000 to work properly. Assign the second NIC a static IP address on a subnet other than the first NIC. Remember ISA server is a proxy and firewall and one NIC is for WAN and one for LAN [2 different segments].

Installing DHCP service on the ISA box isn’t a good idea. But if you must, create packet filters for DHCP both inbound and outbound. Services running on the same server as ISA server require packet filters to work properly.

Reply To: dhcp on wan nic on ISA 2000

In reply to Reply To: dhcp on wan nic on ISA 2000

My Isp is handling me dhcp ip leases (2 hours) , I can not do anything about that, if I change to a fix ip it works fine, but of course I can not stay on a fix ip forever.

When I installed ISA in the beginning my own network had dhcp clients and I had a fix wan ip but that was with another isp provider. the new prvider is handling dhcp ip to me’s so I had to change my network to from dhcp to fix. I think that’s where the problem started.

I know about the packet filters , but there is already one defined. But it must have been defined by the time my internal network had dhcp service running.

Leopold

Reply To: dhcp on wan nic on ISA 2000

In reply to dhcp on wan nic on ISA 2000

ah ok, lemme get this straight. You have a box with 2 nics. that box has windows server [2000 or 2003 flavor] and you’ve installed ISA server on it. One NIC has a static and one nic has IP assigned by DHCP??. Further, you are trying to install DHCP on the box with ISA server?

First is both nics need static IP addresses for ISA server 2000 to work properly. Assign the second NIC a static IP address on a subnet other than the first NIC. Remember ISA server is a proxy and firewall and one NIC is for WAN and one for LAN [2 different segments].

Installing DHCP service on the ISA box isn’t a good idea. But if you must, create packet filters for DHCP both inbound and outbound. Services running on the same server as ISA server require packet filters to work properly.

Reply To: dhcp on wan nic on ISA 2000

In reply to dhcp on wan nic on ISA 2000

ok, I understand the problem now. you want to install DHCP on ISA to provide IP addresses to client computers behind ISA.

First gotta deal with ISA. The external interface [the one you directly connect to your ISP] is a dynamic IP address. Thats ok. The second NIC MUST be a static IP address. Clients behind ISA will use that NIC as the default gateway and therefore must be a fixed address. This scope[range of addresses] becomes your LAN. If you install DHCP on ISA DHCPs address is your internal NIC and the scope of the range of IP addresses within that subnet [excluding the static IP address assigned for the LAN NIC]. You have to setup a reservation within DHCP for that address. You then authorize DHCP for that scope. In DHCP you need to setup options for DNS, and Default gateway so that clients have the correct information.[the default gateway for clients is your second NICs statically assigned IP address]. IF you don’t run DNS on your LAN, then DNS is your ISPs DNS servers.

Next is client computers. if clients do not have the ISA server firewall client program installed, they are considered secure NAT clients. Secure NAT clients do not provide credentials to ISA server. If there any access policies set that require authentication for access, secure NAT clients will be denied. Best to install the firewall client program on client computers.

Reply To: dhcp on wan nic on ISA 2000

In reply to Reply To: dhcp on wan nic on ISA 2000

note on DHCP: if you assign a class C private IP address to the 2nd nic on ISA [192.168.1.1]with a 24 bit subnet mask [254 hosts] that address is also your DHCPs address. The scope [or range] of addresses available to clients is 192.168.1.2-253 [with 192.168.1.1 reserved]. That address also becomes the default gateway for client computers [again options are set within DHCP to provide that information to clients]. You have to activate DHCP and authorize DHCP for that scope

Reply To: dhcp on wan nic on ISA 2000

In reply to Reply To: dhcp on wan nic on ISA 2000

CG,

I have all those already setup like that.
On the lan side I disabled dhpc services to be able to troubleshoot the problem and I am using static ip adresses now.

The specific problem is the error message I posted.
The isa server is like denying the dhcp on the wan to be renewed, Although even after some days I still have the same ip.
If you do a manual ipconfig /renew I receive a message (the dhcp server can not be contacted.

Leopold

Reply To: dhcp on wan nic on ISA 2000

In reply to dhcp on wan nic on ISA 2000

go to isaserver.org and ask the question on their board. I’ve never seen ISA server deny the external nic from obtaining an IP address. I’ve seen it deny DHCP outbound and inbound requests from both internal and external client requests for DHCP through ISA server. the suggestions I gave you is a possible reason.

Reply To: dhcp on wan nic on ISA 2000

In reply to Reply To: dhcp on wan nic on ISA 2000

Actually because I did not find an answer over there I came to techrepublic.

Leopold

[Author]

Replies