DHCP Server on Windows 2000

Posted on 2002-03-24
Last Modified: 2012-05-07
Hi all ..
I have two servers with Windows 2000 and Active Directory. The first has DHCP and Remote Access for the dial-up users, and it is working OK. The second one is for the mail server and the proxy, and I am working with it to make a VPN with Routing and Remote Access, but I face some problems:
1- How can I install the DHCP server? I want it to help the VPN only. When I installed the DHCP, all the VPN clients take an IP from the dial-up IPs (from the first DHCP).
2- How can I give an IP, subnet mask and gateway for the Routing and Remote Access server only? There is no space to write a gateway for the client in Routing and Remote Access like in DHCP.

I need help

I know it is hard to understand my English ... but I need help.

Note: I have DHCP installed on the first server. How can I use one of the two scopes for the second server?
Question by:moty66

Expert Comment

ID: 6892499
Setting up the DHCP and VPN servers on W2K will allow you to set up the DHCP scope (IP range) for VPN connections.


1) Right Click the Server Name (ie, VPNSERVER)
3) Click the IP tab

You can specify DHCP or Static Addressing and the scope. If your DHCP server is on a different system, make sure you have the DHCP Relay Agent installed and configured.

If you have a small number of people who need to dial in, you may want to use Static Addressing and the User Profile and the Dial In tab to set a static IP for each user. This way, you will know from your various logs which IP address is assigned to which person and it makes tracking their activity - and any potential hacking with that account - a lot easier from viewing your log files.

Also, make sure you choose an IP scope that will *not* be used for any other purposes. This will help to avoid IP conflicts.

Expert Comment

ID: 6893849
It's been a while since I have set up RRAS on a Windows box, but can't you set up a pool of addresses directly on the RAS box without having to use DHCP?  Maybe you can't but I thought you could.  Seems like this would make more sense than setting up DHCP just for dialup.

As to your question about a gateway - a dialup client sends all of its traffic to its peer (the RAS server).  From there the traffic is sent like any other traffic from the RAS server, using its gateway etc.

Expert Comment

ID: 6894572
Scraig84 is correct. In Windows 2K, if you go into RRAS and right click on the server name and choose properties, click on the IP tab and then click on the assign from static pool radio button and input your IP address scheme. This is how it should be done when using a different scope than what is normally on the network in RRAS.

Author Comment

ID: 6894901
So what about the gateway? I want to assign a gateway to the VPN dial-in users.
I don't want to take it from the DHCP.
Is it impossible to do it from RRAS?

Expert Comment

ID: 6894919
Like I said, a dial-in client does not have the option for a gateway - it is only connected to one device.  Therefore, it has no option but to forward all of its traffic to its peer (the RAS server).  From the RAS server, it just uses the gateway of the server.  I believe there is a checkbox in the RAS server settings of whether or not to allow clients to use this.  If you don't, the clients will not be able to forward traffic off of the RAS server's segment.  Typically though, you want the client to behave as if it were sitting on the network, so you allow this use.

Accepted Solution

CyberStretch earned 200 total points
ID: 6897100
My suggestion, as well, included the information for Static Addressing. In fact, I even suggested using it if the user population was relatively small.

However, the reason DHCP was implemented (to prevent having to make static assignments to multiple systems) still holds its benefits in this scenario as well.

If the available IP pool is too small to assign an IP per person, and the intended usage patterns of the users will allow, DHCP can be used to effectively manage the IP allocations for the users based off a "first come, first served" model.

In addition, DHCP has the least amount of administrative overhead since if something changes, you change the DHCP configuration and *nothing* on all the clients (except perhaps the IP they dial into) nor the individual User Accounts.

Therefore, depending upon the size of the user population and available IP space, either method would be acceptable.

Expert Comment

ID: 6897113
Cyberstretch - I think you are misunderstanding my point, unless I am misunderstanding yours.  My point is that you can still provide dynamic address assignment without setting up a DHCP server.  A RAS server has the ability to store its own local pool for the use of handing addresses to its clients.  This provides all of the benefits of DHCP without actually having to set up a DHCP server.

Expert Comment

ID: 6897534

It could be possible that there is a misunderstanding.

However, I took the original post to mean that there already *is* a DHCP server on the network ("the first with DHCP and Remote access for the dialup user and it is working ok."). If there is an existing DHCP server that has an IP pool large enough to accommodate the RAS/VPN clients, I figure that it would be more beneficial to use the DHCP server than configuring RAS with an IP block out of the existing allocation to avoid any possible IP conflicts.

By having multiple IP blocks/allocations/scopes, etc, in multiple configurations (ie, DHCP, RRAS settings, etc) you increase the complexity and the potential for error when assigning IP addresses.

The main point I am trying to get across is that centralized IP management usually works out better than decentralizing it by allowing multiple sources to control blocks of IPs. It helps a heck of a lot when things go wrong too.

In the end, I think we are basically saying the same thing, just different methods of achieving the same result.

Expert Comment

ID: 6899039
I have to disagree with that to a point. We assign IPs via DHCP from the RRAS server rather than using the regular DHCP server. We give the dial-in users a different scope as this makes it easier for us to figure out who is doing what from where whenever something happens. I know whether a dial-in user is doing something or a regular joe blow from the LAN. Centralized management may be beneficial in some cases, but not all.
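
An added example, not part of any post in this thread: a Python sketch of the two operational points raised above, checking that a VPN address pool does not overlap the other scopes and attributing log source addresses to the pool that owns them. The pool names, address ranges and log lines are constructed for illustration and are assumptions, not values from the thread.

```python
import ipaddress

def ip_range(first, last):
    """Inclusive (start, end) pair of IPv4Address objects."""
    start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if start > end:
        raise ValueError(f"range start {start} is above end {end}")
    return start, end

def find_overlaps(pools):
    """Sorted name pairs of pools whose address ranges intersect."""
    names = sorted(pools)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if pools[a][0] <= pools[b][1] and pools[b][0] <= pools[a][1]]

def classify(address, pools):
    """Name of the pool that owns an address, or 'unknown'."""
    ip = ipaddress.IPv4Address(address)
    for name, (start, end) in pools.items():
        if start <= ip <= end:
            return name
    return "unknown"

def attribute(log_text, pools):
    """Tag each 'date time src-ip event' log line with the owning pool."""
    rows = []
    for line in log_text.splitlines():
        _date, _time, src, event = line.split()
        rows.append((src, classify(src, pools), event))
    return rows

# Constructed address plan (RFC 1918 space, not taken from the thread).
POOLS = {
    "lan-dhcp": ip_range("192.168.1.50", "192.168.1.150"),
    "dialup-dhcp": ip_range("192.168.1.200", "192.168.1.220"),
    "vpn-static-pool": ip_range("192.168.2.10", "192.168.2.40"),
}

# Constructed log lines: date, time, source IP, event.
LOG = """\
2002-03-25 09:14:02 192.168.2.17 logon-failure
2002-03-25 09:14:09 192.168.1.77 logon-success
2002-03-25 09:15:40 192.168.1.205 logon-failure
2002-03-25 09:16:11 10.0.0.5 logon-failure
"""

if __name__ == "__main__":
    print("overlapping pools:", find_overlaps(POOLS))
    print(attribute(LOG, POOLS))
```

An empty overlap list means no two sources can hand out the same address; an `unknown` tag marks a source address that no configured pool accounts for.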

Expert Comment

ID: 9155768
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.
