titan6400
asked on
Cisco VPN 3000 Concentrator & Windows DHCP Server
My company has two full class C IP address blocks. The first is reserved exclusively for our primary corporate office. The second block is split up amongst our several satellite offices. There are several subnets unused in this second block.
We have a Cisco VPN 3000 Concentrator for providing remote access. At the moment, the concentrator just relays DHCP requests to our DHCP server in our primary office and they get addresses that are in that first class C block for our primary office. This is not desirable; I would much rather have the remote access clients get IP addresses from a leftover subnet within that second block of addresses.
I've tried doing this by just using the internally configurable IP Pool functionality in the Concentrator, but the problem with this is that I can't figure out how to give the clients an appropriate subnet mask for that little subnet that I'd use for only VPN clients. They get the standard classful mask, which means that they won't be able to reach other clients within that second class C block of addresses. --- If someone can tell me how to specify an appropriate subnet mask, that would work.
Otherwise, I'd like to just have the same setup with the Concentrator relaying DHCP requests to our DHCP server, but I'd like the DHCP server to give out addresses from a different scope as the "primary office" range of addresses. Is it somehow possible to configure a Windows 2000 Server DHCP server to give out these subnet addresses only to requests originating at the VPN concentrator?
Thanks!
We have a Cisco VPN 3000 Concentrator for providing remote access. At the moment, the concentrator just relays DHCP requests to our DHCP server in our primary office and they get addresses that are in that first class C block for our primary office. This is not desirable; I would much rather have the remote access clients get IP addresses from a leftover subnet within that second block of addresses.
I've tried doing this by just using the internally configurable IP Pool functionality in the Concentrator, but the problem with this is that I can't figure out how to give the clients an appropriate subnet mask for that little subnet that I'd use for only VPN clients. They get the standard classful mask, which means that they won't be able to reach other clients within that second class C block of addresses. --- If someone can tell me how to specify an appropriate subnet mask, that would work.
Otherwise, I'd like to just have the same setup with the Concentrator relaying DHCP requests to our DHCP server, but I'd like the DHCP server to give out addresses from a different scope as the "primary office" range of addresses. Is it somehow possible to configure a Windows 2000 Server DHCP server to give out these subnet addresses only to requests originating at the VPN concentrator?
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If not, why do remote clients require access to other remote clients?
For remote access, each group of users can receive different DHCP scopes. Under Group settings -> General -> The DHCP Network Scope.
Configuration | System | Servers | DHCP screen...Enter the IP sub-network
Enter 0.0.0.0 for the default; by default, the DHCP server assigns addresses to the IP sub-network of the VPN Concentrator's private interface.
If the Windows DHCP server is relaying IP's to these scopes, you filter for group (location).
IAS could also be used to provide DHCP groups - likely with greater ease then the 3005.
HTHs