Question #1254
I am using a cable or DSL connection to my ISP. They assign me an address via DHCP. I can’t get an address from my ISP for my ISA firewall’s external interface. How do I fix this?
Answer
Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
In the console tree, click Firewall Policy.
In the details pane, click Show System Policy Rules.
Click Allow DHCP replies from DHCP servers to ISA Server.
In the details pane, click Edit System Policy.
Click the From tab.
Click Add.
If you know the IP address of the external DHCP server, follow these steps:
In the New list, click Computer.
In the New Computer Rule Element dialog box, type a name for the DHCP computer rule element in the Name box, type the IP address of the DHCP server in the Computer IP Address box, and then click OK.
Expand Computers, click the DHCP computer rule element that you just created, click Add, and then click Close.
To add the external network instead of the specific DHCP server, expand Networks, click External, click Add, and then click Close.
Note:
Microsoft recommends that you add the specific DHCP server instead of the external network to make the ISA Server computer less susceptible to external attacks.
Click OK, and then click Apply to save the changes and update the configuration.
Note:
This procedure is for renewals only. If you do not have an IP address, you may want to allow DHCP traffic from any network until an address is leased. If you do not already have a lease, the “specific DHCP server” setting in step 8 will not work because Windows will be forced into DHCP Discover mode. This mode is strictly for broadcast traffic.