Solved

DHCP Server on Windows 2000

Posted on 2002-03-24
Last Modified: 2012-05-07
Hi all,
I have two servers with Windows 2000 and Active Directory. The first has DHCP and Remote Access for the dial-up users, and it is working OK. The second one is for the mail server and the proxy, and I am working on it to set up a VPN with Routing and Remote Access, but I face some problems:
1- How can I install the DHCP server so that it serves the VPN only? When I installed DHCP, all the VPN clients take an IP from the dial-up IPs (from the first DHCP).
2- How can I give an IP, subnet mask and gateway for the Routing and Remote Access server only? There is no place to enter a gateway for the clients in Routing and Remote Access like there is in DHCP.

I need help.

I know it is hard to understand my English, but I need help.

Note: I have DHCP installed on the first server. How can I use one of the two scopes for the second server?
0
Question by:moty66
10 Comments
 
LVL 3

Expert Comment

by:CyberStretch
Setting up the DHCP and VPN servers on W2K will allow you to set up the DHCP scope (IP range) for VPN connections.

START > PROGRAMS > ADMINISTRATIVE TOOLS > ROUTING AND REMOTE ACCESS

1) Right Click the Server Name (ie, VPNSERVER)
2) Select PROPERTIES
3) Click the IP tab

You can specify DHCP or Static Addressing and the scope. If your DHCP server is on a different system, make sure you have the DHCP Relay Agent installed and configured.

If you have a small number of people who need to dial in, you may want to use Static Addressing and the User Profile and the Dial In tab to set a static IP for each user. This way, you will know from your various logs which IP address is assigned to which person and it makes tracking their activity - and any potential hacking with that account - a lot easier from viewing your log files.

Also, make sure you choose an IP scope that will *not* be used for any other purposes. This will help to avoid IP conflicts.
0
 
LVL 8

Expert Comment

by:scraig84
It's been a while since I have set up RRAS on a Windows box, but can't you set up a pool of addresses directly on the RAS box without having to use DHCP?  Maybe you can't but I thought you could.  Seems like this would make more sense than setting up DHCP just for dialup.

As to your question about a gateway - a dialup client sends all of its traffic to its peer (the RAS server).  From there the traffic is sent like any other traffic from the RAS server, using its gateway etc.
0
 
LVL 17

Expert Comment

by:mikecr
Scraig84 is correct. In Windows 2K, if you go into RRAS and right click on the server name and choose properties, click on the IP tab and then click on the assign from static pool radio button and input your IP address scheme. This is how it should be done when using a different scope than what is normally on the network in RRAS.
0
 
LVL 1

Author Comment

by:moty66
So what about the gateway? I want to assign a gateway to the VPN dial-in users.
I don't want to take it from the DHCP.
Is it impossible to do it from RRAS?
0
 
LVL 8

Expert Comment

by:scraig84
Like I said, a dialin client does not have the option for a gateway - it is only connected to one device.  Therefore, it has no option but to forward all of its traffic to its peer (the RAS server).  From the RAS server, it just uses the gateway of the server.  I believe there is a checkbox in the RAS server settings of whether or not to allow clients to use this.  If you don't, the clients will not be able to forward traffic off of the RAS server's segment.  Typically though, you want the client to behave as if it were sitting on the network, so you allow this use.
0
 
LVL 3

Accepted Solution

by:
CyberStretch earned 200 total points
My suggestion, as well, included the information for Static Addressing. In fact, I even suggested using it if the user population was relatively small.

However, the reason DHCP was implemented (to prevent having to make static assignments to multiple systems) still holds its benefits in this scenario as well.

If the available IP pool is too small to assign an IP per person, and the intended usage patterns of the users will allow, DHCP can be used to effectively manage the IP allocations for the users based off a "first come, first served" model.

In addition, DHCP has the least amount of administrative overhead since if something changes, you change the DHCP configuration and *nothing* on all the clients (except perhaps the IP they dial into) nor the individual User Accounts.

Therefore, depending upon the size of the user population and available IP space, either method would be acceptable.
0
 
LVL 8

Expert Comment

by:scraig84
Cyberstretch - I think you are misunderstanding my point, unless I am misunderstanding yours.  My point is that you can still provide dynamic address assignment without setting up a DHCP server.  A RAS server has the ability to store its own local pool for the use of handing addresses to its clients.  This provides all of the benefits of DHCP without actually having to set up a DHCP server.
0
 
LVL 3

Expert Comment

by:CyberStretch
scraig,

It could be possible that there is a misunderstanding.

However, I took the original post to mean that there already *is* a DHCP server on the network ("the first with DHCP and Remote access for the dialup user and it is working ok."). If there is an existing DHCP server that has an IP pool large enough to accommodate the RAS/VPN clients, I figure that it would be more beneficial to use the DHCP server than configuring RAS with an IP block out of the existing allocation to avoid any possible IP conflicts.

By having multiple IP blocks/allocations/scopes, etc, in multiple configurations (ie, DHCP, RRAS settings, etc) you increase the complexity and the potential for error when assigning IP addresses.

The main point I am trying to get across is that centralized IP management usually works out better than decentralizing it by allowing multiple sources to control blocks of IPs. It helps a heck of a lot when things go wrong too.

In the end, I think we are basically saying the same thing, just different methods of achieving the same result.
0
 
LVL 17

Expert Comment

by:mikecr
I have to disagree with that to a point. We assign IPs via DHCP from the RRAS server rather than using the regular DHCP server. We give the dialin users a different scope as this makes it easier for us to figure out who is doing what from where whenever something happens. I know whether a dialin user is doing something or a regular joe blow from the LAN. Centralized management may be beneficial in some cases, but not all.
0
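Two points raised in this thread, that the VPN range must not be used by any other scope and that a dedicated range (or a static IP per user) lets a logged address be traced back to a dial-in user, can be checked with a short script. This is an added example, not code from any poster; the range names, addresses, user names and log format are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample values (assumptions, not taken from the thread).
RANGES = {
    "lan-dhcp":   ("192.168.1.50", "192.168.1.200"),   # scope on the DHCP server
    "dialup":     ("192.168.1.201", "192.168.1.220"),  # existing dial-up clients
    "vpn-static": ("192.168.1.215", "192.168.1.240"),  # RRAS static pool, overlaps on purpose
}
STATIC_USERS = {"192.168.1.230": "alice", "192.168.1.231": "bob"}  # per-user static IPs
LOG_LINES = [  # constructed log format with a src= field
    "2002-03-24 10:02:11 src=192.168.1.230 dst=192.168.1.10 port=445",
    "2002-03-24 10:02:15 src=192.168.1.77 dst=192.168.1.10 port=80",
    "2002-03-24 10:03:40 src=192.168.1.218 dst=192.168.1.10 port=25",
]

def _bounds(rng):
    """Convert a (from, to) address pair to integers, rejecting reversed ranges."""
    lo, hi = (int(ipaddress.IPv4Address(a)) for a in rng)
    if lo > hi:
        raise ValueError(f"range start after end: {rng}")
    return lo, hi

def find_overlaps(ranges):
    """Return name pairs whose address ranges share at least one IP."""
    hits = []
    for (n1, r1), (n2, r2) in combinations(sorted(ranges.items()), 2):
        (lo1, hi1), (lo2, hi2) = _bounds(r1), _bounds(r2)
        if lo1 <= hi2 and lo2 <= hi1:
            hits.append((n1, n2))
    return hits

def attribute(ip, ranges, static_users):
    """Map a source IP to (names of matching ranges, user or None)."""
    addr = int(ipaddress.IPv4Address(ip))
    names = sorted(n for n, r in ranges.items()
                   if _bounds(r)[0] <= addr <= _bounds(r)[1])
    return names, static_users.get(ip)

def attribute_log(lines, ranges, static_users):
    """Attribute each line's src= address; flag it when not exactly one range matches."""
    out = []
    for line in lines:
        src = next(f[4:] for f in line.split() if f.startswith("src="))
        names, user = attribute(src, ranges, static_users)
        out.append((src, names, user, len(names) != 1))
    return out

if __name__ == "__main__":
    print("overlapping ranges:", find_overlaps(RANGES))
    for row in attribute_log(LOG_LINES, RANGES, STATIC_USERS):
        print(row)
```

With the sample data, the third log line falls in both the dial-up and VPN ranges, so it cannot be attributed to either group until the overlap is removed.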
 

Expert Comment

by:CleanupPing
moty66:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
