ISA Server 2004 VPN Client access DHCP Relay

Posted on 2006-05-26
Last Modified: 2012-06-21
Hello all!

I am having an issue with setting up a VPN for remote access using DHCP. I have configured the DHCP relay agent, using the internal NIC, I have set up the access rules for DHCP Relay and DHCP request, followed every article I could find on ISASERVER.ORG, MS articles and whatever else I could dig up. I still can't seem to get this to work correctly. The clients can authenticate, but if I do an ipconfig it shows the PPP interface's address as this is not the correct address that it should be getting. I can ping and RDP to servers and other devices on using the internal IP address scheme. However, nothing can be resolved by name (even though ipconfig shows the correct DNS servers). Does anyone know what I am missing? Has anyone had this issue before?

Thank you in advance for any helpful comments!
Question by:TimMcGrath

    Author Comment

    Ok, I am still getting the auto IP address of  I read a thread stating that you need to change the setting "allow ras to select nic to obtain dhcp" to the internal NIC that is provided by RRAS. When I tried to change this I did not see the internal interface. I see my perimeter interface, internal interface for the FW and my external interface. Is this the problem?

    Expert Comment

    Try 'Internal Interface', or you need to look at networks to see which interface is connected to your internal network, and select it.

    Do you have DHCP on your Internal Network? What scope is it using? Can you configure your ISA server to use a scope?

    Did you follow all the steps as listed in the following article?


    Author Comment


    Thanks for the response. I thought that you were not supposed to use the internal interface of the ISA server?

    I am running dhcp on the internal network, sits behind the isa server. We have 2 servers that are our DHCP servers. One is configured for to the other is to Each server is only using about 10% of their ip address. Both servers are configured with the DNS servers, so all clients get their dns settings from the dhcp server.

    I have followed most of the steps in that article (along with several other articles from that site). I am not using RADIUS (the ISA server is a member of the domain) and I am not using a CA server (not yet; I was planning on implementing it down the line and wanted to see if I could get the VPN working first). When I test the VPN it allows me to authenticate, I just do not get the right IP address. I can ping internal servers by IP address and can RDP to servers with IP address.

    Accepted Solution

    "I thought that you were not supposed to use the internal interface of the ISA server?"

    Explain, we are only using the Internal interface to obtain an IP address and pass it to the remote client. Why do you think it will be a problem?


    Author Comment

    Reading through the book "Configuring ISA Server 2004", there is a note that states "make sure you select the internal interface (named internal by RRAS) not the internal interface of the ISA server". I have seen several references to this and was not sure why. I am new to the ISA server. I have not seen any explanation for this, just references in articles and on some blogs that it has caused problems. I can give that a shot tomorrow morning and see what happens.

    Expert Comment

    First Check Your DHCP connectivity in Dashboard in Monitoring. It is Showing Good or Not.
    Then Right Click on VPN & Go in Properties. In Access Network Select External & Internal, Then in Address Assignment select DHCP & Internal from Drop Down. Then Select Authentication & leave the RADIUS.
    In Firewall Policy You have to Make Two Rules:-
    1. Internal Rule :- Action:- Allow, Protocol:- All Outbound Traffic, From:- Internal, Local Host, To:- Internal Local Host, User:- All Users (If have your DHCP server running on some other machine).
    2. VPN Rule :- Action:- Allow, Protocol:- L2TP Client & PPTP, From:- Local Host, Quarantined VPN Client, VPN Client, To:- External, Local Host, Internal & VPN Client, User:- Which Ever You Want (Or All User).

    If you still didn't get your internal IP address range, then check Configuration --> Networks, & Network Rule; in the VPN Network Rule, Relation should be Route.


    Author Comment

    Hey all,

    Thanks for the comments. Got it all working!!! I created a virtual interface off one of the internal NICs. Configured that with "obtain ip address from dhcp". Went back into RRAS and selected that to be the internal NIC to use. My VPN clients are authenticating and getting the correct IP range, DNS and WINS addresses.

    Naveedb, thank you for your comment about the internal interface, made me take another look into things.

