Getting an IP Address from DHCP Server on ISA Server's External Interface
I would like my ISA Server to get an IP address from a DHCP server on the external interface but the external NIC is not getting an IP address from the DHCP server.
by Zubair Alexander
11/19/2008 -- I would like my ISA Server to get an IP address from a DHCP server on the external interface. I've tried different network cards, cables and everything else, but for some reason the external NIC is not getting an IP address from the DHCP server. What am I doing wrong?
Answer:
Ideally, you should always use a static IP address for servers, but whatever the reason might be, what you've described is the default behavior of ISA Server 2004/2006. ISA Server's system policy is configured by default not to permit DHCP replies from external DHCP servers to the ISA Server computer itself. Normally, there is no reason to allow DHCP replies from the outside world to reach your ISA Server computer.
Some people sign up with their ISP for Internet access and want to run ISA Server at home or in their small business with a dynamic IP obtained from their ISP's DHCP server. Whatever your reasoning might be, you can change the default behavior by following the procedure described below:
- Start ISA Server Management Console and click on the Firewall Policy.
- In the right pane, click Tasks and then click Show System Policy Rules.
- Click the rule "Allow DHCP replies from DHCP servers to ISA Server."
- Right-click the rule and select Edit System Policy.
- Click on the From tab.
- Click Add and add the IP address of the external DHCP server. Although you have the option to add the External network rather than the IP address of the DHCP server, that lets any host on the external segment answer the firewall's DHCP requests and makes your ISA Server more exposed to potential attacks. It's best to keep the exposure to a minimum by adding only the specific DHCP server.
- Apply the changes to update your ISA Server configuration.
There's one more thing you need to know: according to Microsoft's KB article 841141, the above procedure works only for renewals of IP addresses. To obtain the initial lease, you'll have to allow DHCP packets from any network until the external interface gets an IP address. Once you have an IP address, change the rule back so that it allows traffic only from the specific DHCP server.
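The following is an added example, not code from ISA Server or from this column: a small Python model of the policy decision the steps above configure, including the KB 841141 caveat (any server may answer until the first lease is held; afterwards only the configured server may). The DHCP server addresses and the sample reply packets are constructed for the example.

```python
# Added example: models the "Allow DHCP replies from DHCP servers to ISA Server"
# decision. Not ISA Server code; addresses below are constructed sample values.
from ipaddress import IPv4Address

BOOTREPLY = 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie at offset 236
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255


def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw value} from the options field of a DHCP packet."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == 0:            # pad option, no length byte
            i += 1
            continue
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def allow_dhcp_reply(src_ip: str, payload: bytes, allowed_server: str, have_lease: bool):
    """Policy decision for a DHCP reply arriving on the external interface.
    Returns (allowed, reason) so rejections can be logged."""
    if len(payload) < 240 or payload[0] != BOOTREPLY:
        return False, "not a DHCP BOOTREPLY"
    server_id = parse_dhcp_options(payload).get(OPT_SERVER_ID)
    if server_id is None or len(server_id) != 4:
        return False, "missing server identifier (option 54)"
    server_ip = str(IPv4Address(server_id))
    if not have_lease:
        # Bootstrap phase (KB 841141): rule scoped to one server does not work yet,
        # so replies from any network must be accepted until a lease is held.
        return True, f"bootstrap: accepted reply from {server_ip}"
    if src_ip != allowed_server or server_ip != allowed_server:
        return False, f"rejected: src {src_ip}, server-id {server_ip}, allowed {allowed_server}"
    return True, f"renewal accepted from configured server {allowed_server}"


def build_reply(server_ip: str, msg_type: int = 2) -> bytes:
    """Construct a minimal BOOTREPLY (DHCPOFFER=2, DHCPACK=5) for testing."""
    header = bytes([BOOTREPLY, 1, 6, 0]) + b"\x00" * 232   # op, htype, hlen, hops + rest
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4])
    return header + MAGIC_COOKIE + opts + IPv4Address(server_ip).packed + bytes([OPT_END])
```

Running the model with a reply from an unexpected server while a lease is held shows the denial (and a loggable reason) that the narrowed system policy rule provides.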
Zubair Alexander, MCSE, MCT, MCSA and Microsoft MVP, is the founder of SeattlePro Enterprises, an IT training and consulting business. His experience covers a wide spectrum: trainer, consultant, systems administrator, security architect, network engineer, author, technical editor, college instructor and public speaker. Zubair holds more than 25 technical certifications and Bachelor of Science degrees in Aeronautics & Astronautics Engineering, Mathematics and Computer Information Systems. His Web site, www.techgalaxy.net, is dedicated to technical resources for IT professionals. Zubair may be reached at .