Solved

Need to enable DHCP relay on Forefront TMG Standard

Posted on 2011-02-22
Last Modified: 2012-05-11
We have a multi-homed Forefront TMG server and we want to use DHCP to manage addresses in multiple subnets.  The process for enabling DHCP relay in ISA no longer works, as TMG disables RRAS.

I simply need to know how to enable DHCP relay on the TMG so that a server in our lab can get an IP from our internal DHCP server (the scope has been created on the DHCP server).
Question by:shawnsouthern
5 Comments
 
LVL 11

Accepted Solution

by:
Tasmant earned 2000 total points
ID: 34960432
Not sure if it can be done, as research on Google says it doesn't work.
You can try on your own using:
http://www.isaserver.org/tutorials/2004dhcprelay.html

Then, you can enable VPN access to start the RRAS service (maybe)
Found this http://support.microsoft.com/kb/973572/en-us, which seems to help sometimes.

Else, don't you have a switch with the capacity to serve as a DHCP relay on your network?
 
LVL 1

Author Comment

by:shawnsouthern
ID: 34960482
I hadn't even thought of using the switch... I'll check that.  Thanks.
 
LVL 29

Expert Comment

by:pwindell
ID: 34961563
Switches are Layer2, not Layer3,...I've never seen a switch do that.
Now if you guys mean an L3 Switch,...then that is really a router,...and if you had one of those you should be using it to route between the two LAN Segments instead of using the TMG,...then enable the DHCP Helper feature on it and you're done.

The other big problem with that is this form of DHCP cannot be authorized in AD.

Do it right,...run DHCP on a Server OS that is a member of the Domain that is physically sitting in the correct subnet,...then authorize the DHCP Service against AD like you are supposed to do.

Then DHCP will also keep DNS Dynamically updated like it is supposed to do.
 
LVL 1

Author Comment

by:shawnsouthern
ID: 34961675
The TMG routes between multiple subnets - our DMZ, internal, devices that need internet access but don't need to talk to our systems, etc.

We could simply assign static IPs to those devices, but I'd rather do it properly and manage our IPs through DHCP.

Our switches are L3, however we only use L2 VLANs as we want the added protection, logging, etc. of the TMG to handle the routing.  We carefully control & log all network traffic on our infrastructure, and TMG is an important part of that.
 
LVL 29

Expert Comment

by:pwindell
ID: 34961805
TMG is a lousy "LAN Router",...there is no "added protection" by the TMG that the L3 box won't do except the logging may be easier to look at on the TMG,...but you get better service out of a "real" LAN Router, which is what the L3 Switch is...but that is your choice.

Anyway,...that doesn't change anything I said.  You need to run DHCP on a Windows Server OS that is physically sitting on the particular LAN Segment you are dealing with,...then authorize the DHCP Service against AD.  Everything takes care of itself and works like it is supposed to after that.
Question has a verified solution.
