Solved

Cisco 1800 VPN  Router - connecting multiple offices

Posted on 2008-10-08
16
419 Views
Last Modified: 2013-12-04
Hello

I have two Cisco 1800 routers. Each one installed at a different location.
can these routers perform the following tasks:
- Assign DHCP addresses to their local workstations
- Assign fixed DHCP addresses to their local printers.
- Connect to each other over a WAN so that network resources can be shared across offices

The domain server is at HQ. There is no domain server at the second location
Should I disable DHCP on the domain server?
0
Comment
Question by:adimit
  • 8
  • 7
16 Comments
 
LVL 4

Assisted Solution

by:icanhelp
icanhelp earned 500 total points
ID: 22671520
First, you should not disable dhcp on the domain controller espectially if it's Microsoft Active Directory.  The reason for this is because AD handles ip addressing with DNS hand in hand.  I would not recommend using the 1800 as the dhcp server at HQ.  At the branch office however, if there is no Domain Controller (DC), then by all means allow it to serve this role.

Secondly, in order to answer your question about the resource sharing you can use netbios services to accomplish folder/file sharing.  At the branch office, I do not recommend windows mapping of drives to the network resource, but rather just create shortcuts (using ip based UNC naming conventions) and install printers via IP Standard ports.

I shouldn't assume anything, but is your WAN a point to point T or is it a VPN tunnel?

cheers
rc
0
 

Author Comment

by:adimit
ID: 22671615
the WAN will be a VPN Tunnel

Should I configure my router at HQ to hand over DHCP assignment to the server then?

Can I assign fixed IP addresses for printers through the router at the remote location?
I am assuming that Resource Sharing should work automatically once the routers are in place

0
 

Author Comment

by:adimit
ID: 22671619
what problems will occur if DHCP is not handled by the DNS server?
0
 
LVL 4

Assisted Solution

by:icanhelp
icanhelp earned 500 total points
ID: 22672057
Active Directory tightly integrates Host Records (H) in its DNS system that reference objects located within Active directory itself (whether it's a computer object or server object or domain controller object...etc).  If you're working with Active Directory you might as well have the domain controller run the AD services along with DNS & DHCP.  Otherwise, many people have problems integrating DHCP correctly within their domain because of the references each computer object makes within Microsoft DNS.  without the proper reference, you will not be able to log into the AD or will not be passed the proper token for using Domain level resources.

rc
0
 

Author Comment

by:adimit
ID: 22687729
since my VPN routers are assigning DHCP addresses at each location, how do I tell these routers to have my DHCP server assign addresses, or at least to register the DHCP addresses into my DHCP server for network resource sharing
0
 
LVL 4

Assisted Solution

by:icanhelp
icanhelp earned 500 total points
ID: 22687811
1 week lease time is typical, but is more important to know how often you need these workstation addresses changed.

As for your first question, it is only important to have your sites with domain controllers do the dhcp request.  branch offices without a domain controller (specifically active directory) can use the router for dhcp advertisements.

If you don't already have this setup, then follow the article below to setup dhcp services on an Active Directory domain controller to serve dhcp requests.  I could explain it, but this site already has nice visual aids to help in your setup:

http://www.windowsnetworking.com/articles_tutorials/DHCP_Server_Windows_2003.html
0
 
LVL 4

Assisted Solution

by:icanhelp
icanhelp earned 500 total points
ID: 22701735
did this help you?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:adimit
ID: 22712604
Hello

I have already setup DHCP on my server. The problem is that when clients start up their workstations it is the VPN router that assigns the DHCP addresses and not the DHCP server. This is evident by taking a look at the leased IP addresses on the router and DHCP server. The DHCP server never has any leased addresses. My dilemma is that the DHCP server even if configured does not lease the addresses unless the VPN router is shut down or DHCP is disabled on the VPN router. In such a scenario no one has internet access or LAN access.
0
 
LVL 4

Assisted Solution

by:icanhelp
icanhelp earned 500 total points
ID: 22741497
First, the leased addresses need to be released from each workstation before it will send a dhcp request on the local area network.  Secondly, you need to stop your dhcp service on your router by issuing the command "no service ip dhcp".  Lastly make sure that your dhcp server is on the exact same subnet as your LAN clients should be.  Depending on the type of layer 2 switch you have, if it has the capability to create multiple VLANs, then you will have to make sure that all clients and the dhcp server are on the same VLAN ID.  By the way, you should ALWAYS only have 1 DHCP service running on your LAN.

cheers,

rc
0
 

Author Comment

by:adimit
ID: 22741815
if I disable DHCP on the VPN router then stations on the LAN do not have any interent access, even after I release all IP Addresses from the VPN router
0
 
LVL 4

Assisted Solution

by:icanhelp
icanhelp earned 500 total points
ID: 22742044
Here are the steps:

1.  First pick 1 and only 1 workstation to test on.
2.  shut off dhcp on router for the LAN dhcp service only (not your dhcp pool for VPN clients)
3.  make sure dhcp service is running on your windows box and on the same subnet + vlan as your test workstation.  restart windows dhcp service and that you see the scope in the "green up arrow" status
4.  on the workstation, pull up ms-dos and issue the following commands:
    -  ipconfig /release    {this will release your dhcp assigned ip address}
    -  ipconfig /renew     {this will request an address by broadcasting to a dhcp server on tcp 67 & 68}
...
If your dhcp scope is correct, server is on the right VLAN, server has the correct network signature for this VLAN (ip + subnet mask), your dhcp service for LAN hosts on router is shut off, then this will work.  There's nothing else that's needed.  If you do run into a problem and you've done all of these things, then you have a problem with your windows dhcp service.
0
 

Author Comment

by:adimit
ID: 22742090
I have not set up a VLAN anywhere, as such I should only have one LAN. Should I be setting up a VLAN somewhere?
0
 
LVL 4

Assisted Solution

by:icanhelp
icanhelp earned 500 total points
ID: 22742287
not necessary unless you have multiple VLANs to split up broadcast domains....also, you'd need a layer 3 (router) device to forward packets from 1 VLAN to the next.  However I included the VLAN consideration just in case you had a multi-vlan environement.  Skip that portion and do the rest.  You should be good after that.
0
 

Author Comment

by:adimit
ID: 22753504
at this point my win2k3 domain controller is not serving up DHCP addresses even if all other DHCP servers are disabled. I have read countless articles, and tried countless solutions. Maybe you have one.
This is not the first time I have setup DHCP. It is not difficult.   My old domain controller running windows 2000 can lease DHCP addresses. The replacement server cannot. The replacement is multi-homed, but I assure you that only one NIC is activated/bound for use on the DHCP server.

What else can I try
0
 

Accepted Solution

by:
adimit earned 0 total points
ID: 22762031
The problem has been solved. As you stated it was my DHCP server that was malfunctioning. I have a multihomed server with two network cards. That was the root of the problem.

My second NIC is on a separate subnet as the primary NIC (which acts as a DHCP server). I changed the subnet of the secondary NIC to that of the primary, and connected a client to the DHCP server. I then changed the subnet of the secondary NIC to its original subnet.  As of now all of my clients are getting their DHCP addresses from my DHCP server.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now