Cisco VPN 3000 Concentrator & Windows DHCP Server
Posted on 2004-08-14
My company has two full class C IP address blocks. The first is reserved exclusively for our primary corporate office. The second block is split up amongst our several satellite offices. There are several subnets unused in this second block.
We have a Cisco VPN 3000 Concentrator for providing remote access. At the moment, the concentrator just relays DHCP requests to our DHCP server in our primary office and they get addresses that are in that first class C block for our primary office. This is not desirable; I would much rather have the remote access clients get IP addresses from a leftover subnet within that second block of addresses.
I've tried doing this by just using the internally configurable IP Pool functionality in the Concentrator, but the problem with this is that I can't figure out how to give the clients an appropriate subnet mask for that little subnet that I'd use for only VPN clients. They get the standard classful mask, which means that they won't be able to reach other clients within that second class C block of addresses. If someone can tell me how to specify an appropriate subnet mask, that would work.
Otherwise, I'd like to just have the same setup with the Concentrator relaying DHCP requests to our DHCP server, but I'd like the DHCP server to give out addresses from a different scope than the "primary office" range of addresses. Is it somehow possible to configure a Windows 2000 Server DHCP server to give out these subnet addresses only to requests originating at the VPN concentrator?