ISA 2006 not giving out IP addresses to VPN Clients?

Posted on 2009-04-02
Last Modified: 2012-05-06
Hi everyone,

All of a sudden, our ISA 2006 has stopped giving out the proper addresses.  Instead, it's giving out addresses in the 169.254.x.x range...which seems to suggest that it's lost connectivity to dhcp.  However, in the dashboard, DHCP connection shows as good.  Nothing changed that I know of, but this is becoming something of a hot issue.

Any thoughts?
Question by:GibsonGuitarIT
  • 4
  • 4

Expert Comment

ID: 24052279
Make Sure your DHCP Relay is setup on the Internal NIC of the ISA 2006 Server. If that is not it could you post the error from the event viewer?


Author Comment

ID: 24052457
Unable to contact a DHCP server. The Automatic Private IP Address will be assigned to dial-in clients. Clients may be unable to access resources on the network.

For more information, see Help and Support Center at

That's all the event viewer has to say

Expert Comment

ID: 24052551
1) If this is XP, obtain the latest service pack for Windows XP.
2) Use the Network Diagnostics tool to identify any failed settings. To do this, go to Help and Support>Use Tools to view your computer information and diagnose problems>Network Diagnostics>Scan your system. When the process finishes, check for any items marked "FAILED" in red, expand those categories, and view the additional details about what the testing showed.
3) Assign a static ip on the client and ping the DHCP server. If you can't  ping the DHCP server, check the connection and hardware.
4) If you can ping the DHCP after assigning static ip, check the DHCP settings.
5) Make sure no firewall is running on your LAN.
6) Run Repair this connection if it is XP. Or use netsh to reset TCP/IP configuration.
7) If it is win98/w2k, remove and reinstall TCP/IP.
8) Try to upgrade the new NIC driver.
9) Make sure you don't run out of IPs in the DHCP scope.
10) If you use a router as DHCP, you may want to upgrade the firmware.

quoted from ""
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.


Author Comment

ID: 24052674
It's Windows Server 2003 R2, but I did check everything just to be sure...all of the above checks out.

Expert Comment

ID: 24053067
Check out this article as well.

I know its for 2004 but it walks you through verifying DHCP Relay is enabled and some troubleshooting steps.

Author Comment

ID: 24053781
No go, unfortunately.

This was an existing set up that has always worked properly...but at some point, for some stopped.  I ran wireshark on the DHCP server, and I can see DHCP requests coming from the ISA server...but for whatever reason, DHCP isn't replying back....though it responds to normal DHCP requests as expected.

Expert Comment

ID: 24058987
I am assuming at this point you tried to restart the ISA Server? Or if you cannot, at least restart the RRAS Service.

Accepted Solution

GibsonGuitarIT earned 0 total points
ID: 24059084
Of course, that was the first thing I tried.  When all else fails...reboot :)

As it happens, I resolved the issue.  I'm not sure how or why, but the policy I had set up to allow DHCP\BOOTP traffic had simply "stopped working."  I created a new one, allowing dhcp from all networks to all networks, and the issue disappeared.

Thanks for the help!

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco vWLC DHCP issues 36 68
DHCP Server Service stops on SBS 2011 3 68
What is the VPn crypto table on a Cisco ASA? 2 18
pptp through Cisco ASA5505 V7 5 9
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question