ISA enforces a 5-second delay in updating its internal routing table after a VPN client connects
Check out this post from Jim Harrison from a couple of years ago:
“Note that ISA enforces a 5-second delay in updating its internal routing table after a VPN client connects to control the CPU load (routing table updates are *expensive*). This may interfere with a client getting the additional information that is supplied in the DHCP Inform req.resp cycle, since these occur almost immediately after the connection is completed.
There is a previous thread in this same NG subj: "DHCP Request SPOOFING_PACKET_DROPPED" that includes the process you should follow to resolve the DHCP Inform issue *if and only if* you see ISA rejecting DHCP
traffic from VPN clients with a "SPOOFING_PACKET_DROPPED" status. This change is still getting regression testing, so you should use it with care.
Note: Do Not set that value lower than 1000 (0x3e8) (1 second)”
Nice! Thanks a bunch Jim, this was very enlightening.
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer