Solved

Questions from a beginner........

Posted on 2002-04-30
Last Modified: 2010-04-11
I am just starting out in networking and have a few questions that are bugging me....

1) Say I was subnetting a company and the company had ten offices. Each office has its own network because I subnetted it that way. Each office is set up with a VPN and is connected to the central headquarters. Do I need a DHCP server for each office? Or can I just have one DHCP server at the central office and make 10 separate pools in it that the offices can subscribe to depending on what network they are in?


2) Also, the central office has a T1 connection to the internet, and the VPN is connected with ISDN. Do I need a border router with 11 WAN connections (10 for the ISDN lines, and 1 for the T1), or do the ISDN lines just go into one slot on the router and then the T1 goes into another? I am a little confused, so thanks for the help.
Question by:gbrown08
 
LVL 8

Accepted Solution

by:
scraig84 earned 200 total points
ID: 6983155
1 - You can have 1 DHCP server, although having 2 with split pools is better for redundancy in case 1 fails. With VPNs, it would also depend on what is performing the encryption. For example, a Cisco router can be a tunnel endpoint and be a DHCP forwarder. Not everything can - I have never tried with the PIX but doubt that it could. If you had a VPN box that doesn't have that ability, you would have to have a server or something that could perform the forwarding of DHCP requests. NT servers can do it, but if you have those, you could make them DHCP servers anyway - unless you wanted centralized management. Anyway - your thoughts are certainly possible, but not necessarily the best design depending on what you want.

2 - Depends on your router.  Some have just a single serial interface, and some have multiple interfaces and slots to change them around or add more.  All depends on how much you spend.  Often (but not always) if you have a VPN scenario, you would have 1 connection to the Internet and use that for both the VPN and Internet access.  Remote offices could use their connections for both through split-tunneling as well (split tunneling allows you to forward only traffic destined for a remote site over the tunnel and the rest goes freely to the Internet with no encryption).

Hope that is of some help!
 
LVL 79

Expert Comment

by:lrmoore
ID: 6983176
scraig84 made some good points.
1. I agree that you really only need one, two at most, DHCP servers. I have a network with 65 remote offices and only one DHCP server. With a lease of 30 days, the server can be offline for several days and nobody would notice. I also do not think the PIX will forward a BOOTP broadcast at all, whereas a router certainly can.

2. I don't quite follow as to why your VPNs are coming in over ISDN, but if you do have 10 separate ISDN BRI circuits, then yes, you would need a router with 10 BRI ports plus the T1. If, however, your ISDN circuit is a PRI, then you only need one port to service all of your remotes.

I would re-consider having my Internet router also handle communications directly between my corporate LAN and the remotes - VPNs or not. I would use a routerA with T1 port to the Internet--firewall1--routerB with ISDN dial-in--(maybe)firewall2--corporate LAN. FW1 and FW2 can be the same box, but I would definitely split the routers into two boxes with a firewall between them.
 

Author Comment

by:gbrown08
ID: 6984267
What I was thinking was to have a T1 going out for headquarters to have a T1 internet connection, and the 9 other satellite offices connected to the VPN would have ISDN connection. It would be way too costly to have a T1 for every office. I understand now that the router would only need the T1 connection and the ISDN connection and that would really be all it needed. This is all just theory. So you think that I would just need one DHCP server and a backup one just in case and that should be fine for my entire VPN?

Thanks
 
LVL 8

Expert Comment

by:scraig84
ID: 6984273
Yes - as long as something can forward the request!
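How one central server keeps the ten offices apart, as an added example that is not part of the original thread: the forwarder (DHCP relay) at each office writes its own interface address into the request's `giaddr` field, and the server answers from the pool whose subnet contains that address. The 10.20.0.0/16 addressing plan, the 80/20 split between two servers, the server address and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption): ten /24 office subnets from one /16.
SUPERNET = ipaddress.ip_network("10.20.0.0/16")
OFFICES = list(SUPERNET.subnets(new_prefix=24))[:10]   # OFFICES[0] = headquarters
HQ_SERVER_IF = ipaddress.ip_address("10.20.0.5")       # hypothetical server NIC

def build_scopes(subnet, primary_percent=80, reserved=10):
    """Split one office's dynamic range between two servers, with no overlap."""
    hosts = list(subnet.hosts())[reserved:]   # keep the first addresses static
    cut = len(hosts) * primary_percent // 100
    return {
        "primary": (hosts[0], hosts[cut - 1]),
        "secondary": (hosts[cut], hosts[-1]),
    }

SCOPES = {net: build_scopes(net) for net in OFFICES}

def select_scope(giaddr, server):
    """Return (subnet, (first, last)) for a request, or None if no scope fits.

    giaddr is the relay agent address from the DHCP header. 0.0.0.0 means the
    request was not relayed, so the server falls back to its own interface.
    """
    addr = ipaddress.ip_address(giaddr)
    if addr.is_unspecified:
        addr = HQ_SERVER_IF
    for net, pools in SCOPES.items():
        if addr in net:
            return net, pools[server]
    return None   # relay address outside the plan: no lease is offered

if __name__ == "__main__":
    # Constructed requests: relayed from office 3, local at HQ, unknown relay.
    for giaddr in ("10.20.3.1", "0.0.0.0", "192.168.1.1"):
        for server in ("primary", "secondary"):
            print(giaddr, server, select_scope(giaddr, server))
```

Both servers receive every relayed request when the relay lists both as targets; because their ranges never overlap, either one can answer without handing out a duplicate address.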
