Need to enable DHCP relay on Forefront TMG Standard

Posted on 2011-02-22
Last Modified: 2012-05-11
We have a multi-homed Forefront TMG server and we want to use DHCP to manage addresses in multiple subnets.  The process for enabling DHCP relay in ISA no longer works, as TMG disables RRAS.

I simply need to know how to enable DHCP relay on the TMG so that a server in our lab can get an IP from our internal DHCP server (the scope has been created on the DHCP server).
Question by:shawnsouthern
5 Comments
 
LVL 11

Accepted Solution

by:
Tasmant earned 2000 total points
ID: 34960432
Not sure if it can be done, as research on Google says it doesn't work.
You can try your own using:
http://www.isaserver.org/tutorials/2004dhcprelay.html

Then, you can enable VPN access to start the RRAS service (maybe)
Found this http://support.microsoft.com/kb/973572/en-us, which seems to help sometimes.

Otherwise, don't you have a switch with the capacity to serve as a DHCP relay on your network?
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 34960482
I hadn't even thought of using the switch... I'll check that.  Thanks.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 34961563
Switches are Layer2, not Layer3,...I've never seen a switch do that.
Now if you guys mean an L3 Switch,...then that is really a router,...and if you had one of those you should be using it to route between the two LAN Segments instead of using the TMG,...then enable the DHCP Helper feature on it and you're done.

The other big problem with that is this form of DHCP cannot be authorized in AD.

Do it right,...run DHCP on a Server OS that is a member of the Domain that is physically sitting in the correct subnet,...then authorize the DHCP Service against AD like you are supposed to do.

Then DHCP will also keep DNS Dynamically updated like it is supposed to do.
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 34961675
The TMG routes between multiple subnets - our DMZ, internal, devices that need internet access but don't need to talk to our systems, etc.

We could simply assign static IPs to those devices, but I'd rather do it properly and manage our IPs through DHCP.

Our switches are L3, however we only use L2 VLANs as we want the added protection, logging, etc. of the TMG to handle the routing.  We carefully control & log all network traffic on our infrastructure, and TMG is an important part of that.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 34961805
TMG is a lousy "LAN Router",...there is no "added protection" by the TMG that the L3 box won't do except the logging may be easier to look at on the TMG,...but you get better service out of a "real" LAN Router, which is what the L3 Switch is...but that is your choice.

Anyway,...that doesn't change anything I said.  You need to run DHCP on a Windows Server OS that is physically sitting on the particular LAN Segment you are dealing with,...then authorize the DHCP Service against AD.  Everything takes care of itself and works like it is supposed to after that.
0
