titan6400

Cisco VPN 3000 Concentrator & Microsoft DHCP Server

I have a Cisco 3000 Concentrator running an IPsec Remote Access VPN.  Right now, the clients are just getting IP addresses assigned from an internally-configured range set in the concentrator.  I'd like them to get their addresses and other IP configuration parameters from a Microsoft DHCP server.  We already have DHCP running on one of our domain controllers, and I'd like to just use that as the DHCP server for the VPN clients too.  Is there any way that I can set up a new scope on that DHCP server and get it to give VPN clients addresses from one scope, while local network clients still get their addresses from the old scope just like always?

Thanks!
ASKER CERTIFIED SOLUTION
martap

titan6400

ASKER

Very cool, thanks for the help.  How do I go about specifying to the DHCP server not to allocate that scope to my non-VPNed clients?

Define a new scope (don't make it part of your existing SuperScope if you have one). Put in IP addresses that are not part of the subnet defined on your DHCP server's local network card. This way the DHCP server won't give out these addresses for local requests unless specifically asked for by scope name (which it will be when you define the scope name on your concentrator).
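
Why the separate scope is never offered to local clients, as an added example that is not part of the original thread: a simplified model of DHCP scope selection. It assumes the server matches a request to a scope by the subnet of its receiving interface, or by the relay address (giaddr, RFC 2131) when one is set, and that the concentrator supplies an address from the VPN scope there; the /27 and the server address are constructed values.

```python
import ipaddress

# Constructed scopes using the thread's placeholder addressing.
SCOPES = {
    "main-office": ipaddress.ip_network("10.0.1.0/24"),
    "vpn-clients": ipaddress.ip_network("10.0.2.224/27"),  # hypothetical unused /27
}
# Hypothetical address of the DHCP server's only network card.
SERVER_NIC = ipaddress.ip_interface("10.0.1.10/24")


def select_scope(giaddr="0.0.0.0"):
    """Return the name of the scope a request is served from, or None.

    giaddr is the relay-agent field of the DHCP header: all zeros means
    the request arrived as a broadcast on the server's own segment.
    """
    relay = ipaddress.ip_address(giaddr)
    # Local broadcast: match on the receiving NIC's subnet.
    # Relayed request: match on the subnet that contains giaddr.
    key = SERVER_NIC.ip if relay.is_unspecified else relay
    for name, net in SCOPES.items():
        if key in net:
            return name
    return None  # no matching scope: the server stays silent


def scope_is_isolated(name):
    """True if the scope cannot be picked for local broadcast requests,
    i.e. it does not overlap the subnet of the server's network card."""
    return not SCOPES[name].overlaps(SERVER_NIC.network)


if __name__ == "__main__":
    print("local broadcast ->", select_scope())
    print("via concentrator ->", select_scope("10.0.2.225"))
    print("vpn scope isolated:", scope_is_isolated("vpn-clients"))
```
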
Awesome, that works like a charm.  I'll award these points to you for sure, martap.

I have another question also.  If you could answer it since you seem pretty knowledgeable on the topic, I'll work it to award some more points.

The only problem now (and it was occurring when we were using the internal range also) is that the clients don't get a default gateway.  The VPN seems to work okay, but I'm not sure if this is normal or not.

Our network is set up with two class C blocks of IPs (for these purposes, I'll call them 10.0.1.0 and 10.0.2.0.)  The 10.0.1.0 range is configured entirely for use at our main office.  We have a number of other small satellite offices and we have the 10.0.2.0 block subnetted amongst those offices.  The VPN clients are being assigned addresses from an unused /27 subnet of that second block.

Since the VPN Concentrator is at our main office, its private address is in the 10.0.1.0 block.  Its public address is just in our range assigned to us by our ISP.

The problem is that I don't know what to set for the clients' default gateway.  In the VPN Clients block of addresses, there are no actual devices or anything like that and when I put in the address that's outside of the VPN Clients' /27 subnet, the "default gateway" parameter in the ipconfig of a client machine just shows up blank.

Is this how it's supposed to be, am I missing something, or do I have something horribly misconfigured?

Thanks!

You shouldn't configure a default gateway in the scope for the VPN users. Having no default gateway for the VPN connection is normal.