STEP 3: Installing and Configuring a DHCP Server on ISA Server Firewall

  • Article

Each of your computers needs an IP address and other information that allows them to communicate with each other and with computers on the Internet. The DHCP Server service can be installed on the ISA Server 2004 firewall computer and can provide IP addressing information to internal network computers. This Quick Start Guide assumes you will use the ISA Server 2004 firewall computer to assign IP addresses and other networking information to computers on your network.

Warning

You must not have any other DHCP servers on the network. If you have another machine on the network acting as a DHCP server, disable the DHCP service on that machine so that the ISA Server 2004 firewall acts as your only DHCP server on the network.

Installing the DHCP Service

The DHCP Server service can be installed on Windows 2000 Server and Windows Server 2003 computers. The procedure varies slightly between the two operating systems. In this section, we discuss procedures for installing the DHCP Server service on Windows 2000 Server and Windows Server 2003 computers.

Note

These steps are performed differently in Windows 2000 Server and Windows Server 2003. Go to the section applying to the operating system onto which you’re installing ISA Server 2004 and follow those steps.

Installing the DHCP Server Service on a Windows 2000 Server Computer

Perform the following steps to install the DHCP Server service on a Windows 2000 Server computer:

  1. Click Start, point to Settings and click Control Panel.
  2. In the Control Panel window, double click the Add/Remove Programs entry.
  3. In the Add/Remove Programs window, click the Add/Remove Windows Components button.
  4. In the Windows Components Wizard dialog box, select the Networking Services entry in the list of Components. Do not put a checkmark in the checkbox! After highlighting the Networking Services entry, click the Details button.
  5. In the Networking Services dialog box, put a checkmark in the Dynamic Host Configuration Protocol (DHCP) checkbox and click OK.
    Cc302620.b278e171-c1a2-40c8-b6ed-9999ea22c52c(en-us,TechNet.10).gif
  6. Click Next in the Windows Components dialog box.
  7. If terminal services are enabled on the machine, click Next in the Terminal Service Setup dialog box.
  8. Click Finish on the Completing the Windows Components Wizard page.
  9. Click Close in the Add/Remove Programs window.

Installing the DHCP Server Service on a Windows Server 2003 Computer

Perform the following steps to install the DNS Server service on a Windows Server 2003 computer:

  1. Click Start, point to Control Panel and click Add or Remove Programs.
  2. In the Add or Remove Programs window, click the Add/Remove Windows Components button.
  3. In the Windows Components Wizard dialog box, select the Networking Services entry in the list of Components. Do not put a checkmark in the checkbox! After highlighting the Networking Services entry, click the Details button.
  4. In the Networking Services dialog box, put a checkmark in the Dynamic Host Configuration Protocol (DHCP) checkbox and click OK.
    Cc302620.a405a779-60de-44e9-881a-bfe2b8f4bd39(en-us,TechNet.10).gif
  5. Click Next in the Windows Components dialog box.
  6. Click Finish on the Completing the Windows Components Wizard page.
  7. Close the Add or Remove Programs window.

Configuring the DHCP Service

The DHCP Server must be configured with a range of IP addresses it can assign to computers on your network. The DHCP Server also provides other networking information to your computers, such as the addresses of a DNS Server and default gateway. The DNS server and default gateway addresses for your computers will be the IP address on the internal interface of the ISA Server 2004 firewall. The DHCP server uses a DHCP scope to provide this information to the internal network clients. You must create a DHCP scope that provides the correct information.

Note

The DHCP server must not assign addresses that are already in use on your network. You must create exclusions for these IP addresses. Examples of excluded IP addresses might be static or reserved addresses assigned to print servers, file servers, mail servers or Web servers; these are just a few examples of devices or server that always have the same IP address assigned to them. These addresses are permanently assigned to these servers and network devices.

The procedure varies slightly for Windows 2000 Server and Windows Server 2003 computers. We will discuss each configuration in this section.

Note

These steps are performed differently in Windows 2000 Server and Windows Server 2003. Go to the section applying to the operating system onto which you’re installing ISA Server 2004 and follow those steps.

Configuring the Windows 2000 Server DHCP Server Service

Perform the following steps to configure the Windows 2000 DHCP Server with a scope that assigns the proper IP addressing information to the internal network computers:

  1. Click Start, point to Programs and then point to Administrative Tools. Click the DHCP entry.
  2. Expand all nodes in the left pane of the DHCP console. Right click the server name in the left pane of the console and click New Scope.
  3. Click Next on the Welcome to the New Scope Wizard page.
  4. Type SecureNAT Client Scope in the Name text box on the Scope Name page. Click Next.
  5. On the IP Address Range page, type the first IP address and the last IP address for the range in the Start IP address and End IP address text boxes. For example, if you are using the network ID 192.168.1.0 with a subnet mask of 255.255.255.0, enter the start IP address as 192.168.1.1 and the end IP address as 192.168.1.254. Click Next.
  6. On the Add Exclusions page, type the IP address of the internal interface of the ISA Server 2004 firewall in the Start IP address text box and click Add. If you have any other servers on the network that already have statically assigned IP addresses that you do not want to change, add those addresses to the list. Click Next after adding all the addresses you want to exclude from the DHCP scope.
  7. Accept the default value on the Lease Duration page and click Next.
  8. On the Configuring DHCP Options page, select Yes, I want to configure these options now and click Next.
  9. On the Router page, type the IP address of the internal interface of the ISA Server 2004 firewall computer and then click Add. Click Next.
  10. On the Domain Name and DNS Servers page, enter the IP address of the internal interface of the ISA Server 2004 firewall computer in the IP address text box and click Add. If you have an Active Directory domain on the internal network, enter the name of your internal network domain in the Parent domain text box. Do not enter a domain name in the Parent domain text box unless you have an existing Active Directory domain on the internal network. Click Next.
  11. Do not enter any information on the WINS Servers page. Click Next.
  12. Select the Yes, I want to activate this scope now option on the Activate Scope page and click Yes.
  13. Click Finish on the Completing the New Scope Wizard page.

Configuring the Windows Server 2003 DHCP Server Service

Perform the following steps to configure the Windows Server 2003 DHCP Server with a scope that will assign the proper IP addressing information to the internal network clients:

  1. Click Start and point to Administrative Tools. Click the DHCP entry.
  2. Expand all nodes in the left pane of the DHCP console. Right click the server name in the left pane of the console and click New Scope.
  3. Click Next on the Welcome to the New Scope Wizard page.
  4. Type SecureNAT Client Scope in the Name text box on the Scope Name page. Click Next.
  5. On the IP Address Range page, type the first IP address and the last IP address for the range in the Start IP address and End IP address text boxes. For example, if you are using the network ID 192.168.1.0 with a subnet mask of 255.255.255.0, then enter the start IP address as 192.168.1.1 and the end IP address as 192.168.1.254. Click Next.
  6. On the Add Exclusions page, type the IP address of the internal interface of the ISA Server firewall in the Start IP address text box and click Add. If you have any other servers on the network that already have statically assigned IP addresses that you do not want to change, add those addresses to the list. Click Next after adding all the addresses you want to exclude from the DHCP scope.
  7. Accept the default value on the Lease Duration page and click Next.
  8. On the Configuring DHCP Options page, select Yes, I want to configure these options now and click Next.
  9. On the Router page, type the IP address of the internal interface of the ISA Server 2004 firewall computer and then click Add. Click Next.
  10. On the Domain Name and DNS Servers page, enter the IP address of the internal interface of the ISA Server 2004 firewall computer in the IP address text box and click Add. If you have an Active Directory domain on the internal network, enter the name of your internal network domain in the Parent domain text box. Do not enter a domain name in the Parent domain text box unless you have an existing Active Directory domain on the internal network. Click Next.
  11. Do not enter any information on the WINS Servers page. Click Next.
  12. Select the Yes, I want to activate this scope now option on the Activate Scope page and click Yes.

[Topic Last Modified: 02/26/2008]