locked
VPN Clients not getting IP from DHCP RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi,

    I guess this is a common VPN question but I am lost in the search for what is wrong.

    First I will describe my old setup:
    ISA 2006 sp1 on Windows Server 2003 R2 sp2 with all updates.
    2 NICs one for LAN and one for WAN.

    I used to have the LAN scope like this: 192.168.201.0-192.168.201.200 and 192.168.201.221-192.168.201.255
    VPN static pool 192.168.201.201-192.168.201.220.
    This was set up long before I started working in the company.

    This created a very confusing subnet match for when site-tosite tunnels was set up.
    However VPN clients was working but very few simultaneous connections could be made probably to bad subnetting.

    The new setup is cleaner and should not be a problem i my mind:
    Still the same server.
    The new LAN scope is: 192.168.201.0-192.168.201.255

    The VPN scope is set to use DHCP and I have specified the LAN DHCP server in the System Policy. The LAN DHCP has around 100 free IP addresses.
    VPN clients can not connect now. They get Error 800 after attempting PPTP, IKEv2 and all kinds of VPN connectables.

    If I look in the RRAS manager the Internal interface is Enabled and Connected under "Network Interfaces" but Not Available, Unknown and Non-operational under "IP Routing > General"

    All my other rules are working, LAN computers in the office have no problem going out on WAN and traffic to homepage, Exchange OWA, and other things are working fine.

    The only other problem I am aware of is that I get IKE (Quick Mode) Negotiation timed out on one Site-to-site tunnel. (This tunnel is the actual reason for the whole re-configuration.)

    Is it possible to use the same DHCP scope as this Office LAN?
    What do I need to remove to start the whole VPN config from the beginning?



    Thursday, March 18, 2010 2:20 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    Thank you for your answer. However I'm not sure you should advice about that for ISA 2006 since I read somewhere that DHCP Relay should not be set up manually on that. It shold be enough to specify DHCP server in the firewall system policy.

    The problem was solved by installing ISA 2006 Hotfix package from july 2009.

    Regards

    Joakim

    • Marked as answer by Joakim G Tuesday, March 23, 2010 7:30 AM
    Tuesday, March 23, 2010 7:30 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

     

    Thank you for the post.

     

    I think you should check with the settings and make sure you have enabled DHCP relay. For more information, please refer to the following article.

     

    http://www.isaserver.org/tutorials/2004dhcprelay.html

     

    Regards,

    Nick Gu - MSFT
    Tuesday, March 23, 2010 3:39 AM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    Thank you for your answer. However I'm not sure you should advice about that for ISA 2006 since I read somewhere that DHCP Relay should not be set up manually on that. It shold be enough to specify DHCP server in the firewall system policy.

    The problem was solved by installing ISA 2006 Hotfix package from july 2009.

    Regards

    Joakim

    • Marked as answer by Joakim G Tuesday, March 23, 2010 7:30 AM
    Tuesday, March 23, 2010 7:30 AM