DHCP Server on Windows 2000

Posted on 2002-03-24
Last Modified: 2012-05-07
Hi all ..
I have two server with windows 2000 and active directory, the first with DHCP and Remote access for the dialup user and it is working ok . the secound one for the mail server and the proxy . and i am working with it to make VPN by routning and remote access .. but i face some problems  ..
1- how can i install the DHCP server and i want it to help the VPN only. when i instaled the dhcp all the vpn take ip from the dialup ip (from the first DHCP)
2- how can i give ip, subnet mask, gateway for the routing and access server only. there is no space to write a gate way for the client to on routing and remote acceess like DHCP ??

I need help

i know it is hard to understand my english ... but i need help

note .. i have dhcp installed on the first server .. how can i use one of the two scopes for the secound server
Question by:moty66
  • 3
  • 3
  • 2
  • +2

Expert Comment

ID: 6892499
Setting up the DHCP and VPN servers on W2K will allow you to setup the DHCP scope (IP range) for VPN connections.


1) Right Click the Server Name (ie, VPNSERVER)
3) Click the IP tab

You can specify DHCP or Static Addressing and the scope. If your DCHP server is on a different system, make sure you have the DCHP Relay Agent installed and configured.

If you have a small number of people who need to dial in, you may want to use Static Addressing and the User Profile and the Dial In tab to set a static IP for each user. This way, you will know from your various logs which IP address is assigned to which person and it makes tracking their activity - and any potential hacking with that account - a lot easier from viewing your log files.

Also, make sure you choose an IP scope that will *not* be used for any other purposes. This will help to avoid IP conflicts.

Expert Comment

ID: 6893849
Its been a while since I have set up RRAS on a Windows box, but can't you set up a pool of addresses directly on the RAS box without having to use DHCP?  Maybe you can't but I thought you could.  Seems like this would make more sense than setting up DHCP just for dialup.

As to your question about a gateway - a dialup client sends all of its traffic to its peer (the RAS server).  From there the traffic is sent like any other traffic from the RAS server, using its gateway etc.
LVL 17

Expert Comment

ID: 6894572
Scraig84 is correct. In Windows 2K, if you go into RRAS and right click on the server name and choose properties, click on the IP tab and then click on the assign from static pool radio button and input your IP address scheme. This is how it should be done when using a different scope than what is normally on the network in RRAS.
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.


Author Comment

ID: 6894901
so what about the gate way, i want to assign a gate way to the VPN dial in users ..
i dont want to take it from the DHCP.
is it impossible to do it from RRAS ?

Expert Comment

ID: 6894919
Like I said, a dialin client does not have the option for a gateway - it is only connected to one device.  Therefore, it has no option but to forward all of its traffic to its peer (the RAS server).  From the RAS server, it just uses the gateway of the server.  I believe there is a checkbox in the RAS server settings of whether or not to allow clients to use this.  If you you don't the clients will not be able to forward traffic off of the RAS server's segment.  Typically though, you want the client to behave as if it were sitting on the network, so you allow this use.

Accepted Solution

CyberStretch earned 200 total points
ID: 6897100
My suggestion, as well, included the information for Static Addressing. In fact, I even suggested using it if the user population was relatively small.

However, the reason DHCP was implemented (to prevent having to make static assignments to multiple systems) still holds its benefits in this scenario as well.

If the available IP pool is too small to assign an IP per person, and the intended usage patterns of the users will allow, DHCP can be used to effectively manage the IP allocations for the users based off a "first come, first served" model.

In addition, DHCP has the least amount of administrative overhead since if something changes, you change the DHCP configuration and *nothing* on all the clients (except perhaps the IP they dial into) nor the individual User Accounts.

Therefore, depending upon the size of the user population and available IP space, either method would be acceptable.

Expert Comment

ID: 6897113
Cyberstretch - I think you are misunderstanding my point, unless I am misunderstanding yours.  My point is that you can still provide dynamic address assignment without setting up a DHCP server.  A RAS server has the ability to store its own local pool for the use of handing addresses to its clients.  This provides all of the benefits of DHCP without actually having to set up a DHCP server.

Expert Comment

ID: 6897534

It could be possible that there is a misunderstanding.

However, I took the original post to mean that there already *is* a DHCP server on the network ("the first with DHCP and Remote access for the dialup user and it is working ok."). If there is an existing DHCP server that has an IP pool large enough to accomodate the RAS/VPN clients, I figure that it would be more beneficial to use the DHCP server than configuring RAS with an IP block out of the existing allocation to avoid any possible IP conflicts.

By having multiple IP blocks/allocations/scopes, etc, in multiple configurations (ie, DHCP, RRAS settings, etc) you increase the complexity and the potential for error when assigning IP addresses.

The main point I am trying to get across is that centralized IP management usually works out better than decentralizing it by allowing multiple sources to control blocks of IPs. It helps a heck of a lot when things go wrong too.

In the end, I think we are basically saying the same thing, just different methods of achieving the same result.
LVL 17

Expert Comment

ID: 6899039
I have to disagree with that to a point. We assign Ip's via DHCP from the RRAS server rather than using the regular DHCP server. We give the dialin users a different scope as this makes it easier for us to figure out who is doing what from where whenever something happens. I know whether a dialin user is doing something or a regular joe blow from the lan. Centralized management may be beneficial in some cases, but not all.

Expert Comment

ID: 9155768
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What Can't I Connect by FTP??? 27 101
Can't connect to WAMP server 5 54
Home lab datacenter 9 54
Powerline adapter slow Mbps? 38 126
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question