Solved

Need to enable DHCP relay on Forefront TMG Standard

Posted on 2011-02-22
5
5,336 Views
Last Modified: 2012-05-11
We have a multi-homed Forefront TMG server and we want to use DHCP to manage addresses in multiple subnets.  The process for enabling DHCP relay in ISA no longer works, as TMG disables RRAS.

I simply need to know how to enable DHCP relay on the TMG so that a server in our lab can get an IP from our internal DHCP server (the scope has been created on the DHCP server).
0
Comment
Question by:shawnsouthern
  • 2
  • 2
5 Comments
 
LVL 11

Accepted Solution

by:
Tasmant earned 500 total points
ID: 34960432
Not sure if it can be done as research on google says it doens't work.
You can try your own using:
http://www.isaserver.org/tutorials/2004dhcprelay.html

Then, you can enable VPN access to start the RRAS service (maybe)
Found this http://support.microsoft.com/kb/973572/en-us, which seems to help sometimes.

Else, don't have you a switch with the capacity to server as DHCP relay on your network?
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 34960482
I hadn't even thought of using the switch... I'll check that.  Thanks.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 34961563
Switches are Layer2, not Layer3,...I,ve never seen a switch do that.
Now if you guys mean an L3 Switch,...then that is really a router,...and if you had one of those you should be using it to route between the two LAN Segment instead of using the TMG,...then enable the DHCP Helper feature on it and you're done.

The other big problem with that is this form of DHCP cannot be authorized in AD.

Do it right,...run DHCP on a Server OS that is a member of the Domain that is physically sitting in the correct subnet ,...then authorize the DHCP Service against AD like you are supposed to do.

Then DHCP will also keep DNS Dynamically updated like it is supposed to do.
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 34961675
The TMG routes between multiple subnets - our DMZ, internal, devices that need internet access but don't need to talk to our systems, etc.

We could simply assign static IPs to those devices, but I'd rather do it properly and manage our IPs through DHCP.

Our switches are L3, however we only use L2 vlans as we want the added protection, logging, etc of the TMG to handle the routing.  We carefully control & log all network traffic on our infrastructure, and TMG is an important part of that.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 34961805
TMG is a lousy "LAN Router",...there is no "added protection" by the TMG that the L3 box won't do except the logging may be easier to look at on the TMG,...but you get better service out of a "real" LAN Router, which is what the L3 Switch is...but that is your choice.

Anyway,...that doesn't change anything I said.  You need to run DHCP on a Windows Server OS that is physically sitting on the particular LAN Segment you are dealing with,...then authorize the DHCP Service against AD.  Everything takes care of itself and works like it is supposed to after that.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question