Hi

This is going to be a long post with several questions so please be patient.

I have a dual-homed ISA 2006 enterprise server acting as an edge firewall connected to internal AD network 10.10.10.x/24.
I would like to join another internal subnet, 10.10.11.x/24, to use the ISA as a proxy server to the internet. I want to use a w2k3 server as a router for this subnet to connect to the internet, and this server will also act as DNS and DHCP for the subnet as well. The new subnet should not be able to access any resources in 10.10.10.x, only to use ISA (10.10.10.7) as a proxy server.

I have set up an RRAS server (ROUTER) with LAN Routing as well as DNS:
ROUTER
NIC1
IP: 10.10.10.250
MASK: 255.255.255.0
GW: 10.10.10.7 (ISA internal IP)

NIC2
IP: 10.10.11.254
MASK: 255.255.255.0

For DNS, no forward zones are created.
No static routes have been added to the ROUTER.

I have also added a persistent static route on ISA by using "route add -p 10.10.11.0 mask 255.255.255.0 10.10.10.250 metric 1"

Now, when I test with a notebook configured with a static 10.10.11.x/24 address with ROUTER (10.10.11.254) as gateway and DNS server, I am only able to ping the ROUTER's NICs and other 10.10.11.x hosts but not any other 10.10.10.x hosts. I am not able to connect to the internet as well.

What am I missing here?
Do I need to add static routes in the ROUTER or ISA?

Next, I realised that DHCP does not work unless I authorise it with AD.
According to TechNet: Although it is not recommended, you can use a stand-alone server as a DHCP server as long as it is not on a subnet with any authorized DHCP servers. When a stand-alone DHCP server detects an authorized server on the same subnet, it automatically stops leasing IP addresses to DHCP clients.
(http://technet.microsoft.com/en-us/library/dd145306%28WS.10%29.aspx)

I tried configuring another standalone server with IP 10.10.11.x with DHCP but still encountered the same prompt for AD authorisation. However, when I changed this server's IP config to be updated by DHCP (10.10.10.x), DHCP on this server became active after its IP was updated. Is there an explanation for this? Remember, this server is stand-alone and I did not have to right-click and authorise it.

Anyway, my problem here is that I would like the DHCP server for the 10.10.11.x subnet to be stand-alone. Is there any way for me to do this?

Lastly, all of my servers and clients are connected to the same network switch. Is there any way for me to ensure clients from the 10.10.10.x subnet and the 10.10.11.x subnet do not receive IP leases from the wrong scope, or is VLANning required?

If I use a wireless access point of IP 10.10.11.x and get clients to connect to it, would it ensure that they receive only leases from the 10.10.11.x scope? Of course, I realise that this does not solve the problem for DHCP clients who are on wired connections.

Alright, really hope to receive some help and feedback on my queries here.
Thanks in advance.