Solved

Need to enable DHCP relay on Forefront TMG Standard

Posted on 2011-02-22
Last Modified: 2012-05-11
We have a multi-homed Forefront TMG server and we want to use DHCP to manage addresses in multiple subnets.  The process for enabling DHCP relay in ISA no longer works, as TMG disables RRAS.

I simply need to know how to enable DHCP relay on the TMG so that a server in our lab can get an IP from our internal DHCP server (the scope has been created on the DHCP server).
Question by:shawnsouthern
5 Comments
 
LVL 11

Accepted Solution

by:
Tasmant earned 2000 total points
ID: 34960432
Not sure if it can be done, as research on Google says it doesn't work.
You can try it on your own using:
http://www.isaserver.org/tutorials/2004dhcprelay.html

Then, you can enable VPN access to start the RRAS service (maybe)
Found this http://support.microsoft.com/kb/973572/en-us, which seems to help sometimes.

Otherwise, don't you have a switch with the capacity to serve as a DHCP relay on your network?
 
LVL 1

Author Comment

by:shawnsouthern
ID: 34960482
I hadn't even thought of using the switch... I'll check that.  Thanks.
 
LVL 29

Expert Comment

by:pwindell
ID: 34961563
Switches are Layer2, not Layer3,...I've never seen a switch do that.
Now if you guys mean an L3 Switch,...then that is really a router,...and if you had one of those you should be using it to route between the two LAN Segments instead of using the TMG,...then enable the DHCP Helper feature on it and you're done.

The other big problem with that is this form of DHCP cannot be authorized in AD.

Do it right,...run DHCP on a Server OS that is a member of the Domain that is physically sitting in the correct subnet ,...then authorize the DHCP Service against AD like you are supposed to do.

Then DHCP will also keep DNS Dynamically updated like it is supposed to do.
 
LVL 1

Author Comment

by:shawnsouthern
ID: 34961675
The TMG routes between multiple subnets - our DMZ, internal, devices that need internet access but don't need to talk to our systems, etc.

We could simply assign static IPs to those devices, but I'd rather do it properly and manage our IPs through DHCP.

Our switches are L3, however we only use L2 vlans as we want the added protection, logging, etc of the TMG to handle the routing.  We carefully control & log all network traffic on our infrastructure, and TMG is an important part of that.
 
LVL 29

Expert Comment

by:pwindell
ID: 34961805
TMG is a lousy "LAN Router",...there is no "added protection" by the TMG that the L3 box won't do except the logging may be easier to look at on the TMG,...but you get better service out of a "real" LAN Router, which is what the L3 Switch is...but that is your choice.

Anyway,...that doesn't change anything I said.  You need to run DHCP on a Windows Server OS that is physically sitting on the particular LAN Segment you are dealing with,...then authorize the DHCP Service against AD.  Everything takes care of itself and works like it is supposed to after that.

Question has a verified solution.