• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 220
  • Last Modified:

ISA2000, VPN clients not getting IP addresses from DHCP server

I am setting up an ISA2000 server, parallel to an existing server (each on it's own ISP connection into the same LAN) and my latest stumbling block is the VPN client setup.

It's just a simple wizard.  I ran it.  Let it configure the RRAS, rebooted, saw all the new ports in RRAS and then build a connection on an outside computer, connected, established the connection, but couldn't go anywhere on the network.

I didn't have a correct ip address.

The DHCP server is not giving out addresses to this connection.

It is on the other ISA2000 server, the existing one.  Neither ISA server has DHCP installed.  The one that is working is getting addresses from the existing inside LAN dhcp server.

Why am I failing to get addresses for my new ISA server?
0
gateguard
Asked:
gateguard
  • 3
1 Solution
 
gateguardAuthor Commented:
I figured it out.

You have to go into RRAS, properties on the server, IP tab, and select your inside adapter as the adapter that the RRAS uses to get DHCP addresses from.  The default is "let the RRAS decide".  Evidently it doesn't do a very good job deciding.

Anyway, I don't want to delete this question because I think it could be helpful for others in the future.

If anyone enters anything about ISA servers, particularly with making a certificate work on one of them, I'll have an answer I can click on to close this thing.

I'll tell you, setting up an ISA2000 server is not easy.  ISA2004 is easier, but still querky, and it doesn't have the H.323 gatekeeper, which I need.

Oh, well, back to work...
0
 
Mike KlineCommented:
Nice work, figuring out your own question, EXCELLENT!!

Some nice links for certificates

http://www.isaserver.org/tutorials/Configuring_SSL_Bridging.html
Configuring SSL Bridging


http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/digitalcertificates.mspx
Digital Certificates for ISA Server 2004

You are working late on a Saturday :)

0
 
gateguardAuthor Commented:
Thanks for the links.

One more tip, for those who are setting up an ISA2000 server (don't know if this also applies to ISA2004):

To enable the VPN clients to use the inside LAN DNS records, it isn't enough to choose the INSIDE NIC on the pulldown in RRAS server properties, IP tab.  I still was getting DNS failures, even though that tab specifically refers to dhcp AND dns.

What I did to fix the DNS was this:

Add a DHCP relay agent in RRAS.  After that, DNS worked like a charm for VPN clients.
0
 
gateguardAuthor Commented:
Yup.  Not much sleep until this project is complete.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now