JTTechnologies asked:

Windows 2003 Server DHCP Clients and Site to Site VPN

Good Afternoon Everyone...

I currently have a Windows 2003 R2 Standard Server that I just set up with DHCP, DNS, AD, and RRAS.  This server is in our home office.  This server has 2 NICs; the private one is for all the clients with an IP address of 192.168.150.xx.  The public NIC is connected to a Linksys RV042 router that is configured with a gateway to gateway VPN.  Our remote office has a RV042 that is the other end of the gateway to gateway site to site VPN.  This router is the DHCP for the clients at that office.

So here is the issue.  The remote computers can see the server by going to the address bar and typing in the computer name.  The server at the home office can do the same with the computers at the remote site.  The clients behind the server at the home office can't see the remote office computers.  I'm assuming that I'm missing a configuration on the server to allow the DHCP clients to see the site to site VPN clients.

I've searched and searched for answers and can't find one that fits this issue...

Thanks in advance!!!!
akrdm

I would suggest checking what you are using for your DNS server and make sure there are entries in the server for the computers at the remote site so that it knows how to route to those computers. You might also be able to set the Secondary DNS server as the router's IP address on the other end of the gateway VPN and see if that allows the computers to see them or at least get to them by name or IP address.
JTTechnologies (ASKER)

I checked the DNS on the 2003 server and there isn't an entry for the VPN computers.  Should they have a record even though they aren't using the server for DNS?  These computers at the remote site aren't connecting to RRAS for VPN....
Just checking in to see if anyone had any thoughts on this issue...

Thanks again...
Kieran_Burns

When you say can't see, do you mean that they cannot browse to the computers / ping them by name / IP address?
Do you have a single default gateway on the Server? (The public one is usually the default gateway but this would be dependent on your network, but there must only be one.)
Can you tracert to the remote workstations (by name / IP address)?
If there is no DNS entry for those remote workstations it is unlikely you will be able to ping / whatever by name, but I want to check your routing first and then go from there
Right, from the DHCP clients behind the server, I can't ping or browse the computers on the VPN end.  The DHCP clients use the server's private side IP as their gateway.  The server's public IP is coming from the RV042.  From the server I can ping and browse the VPN clients.  I'm assuming this is possible because the VPN clients are connected to the RV042.  Also, the VPN clients are logging into their computer, not the domain.

If I have the remote site clients connect to the server with RRAS, I can ping them fine from any computer on the network; the problem there is that I don't want to have to rely on the user starting the connection every time they start up their computer.

So in short, the server can see the VPN clients because it is connected to the site to site router, but the DHCP clients behind the server can't see them....

Thanks for helping!!!
Have you got a static route on the Server to the VPN network? When you tracert to the VPN from a DHCP client is the LAST working IP the Server?
I don't believe I do, if I look in RRAS there are no static routes.  If I tracert to a VPN client, they all timeout...
Add the static route in to the VPN network and see what happens - what is the last successful hop when starting at a DHCP client?
Oh, and you do only have one default gateway yes?
Yes, the server is the only gateway...

So you want to add the in-house LAN IP to the static routes portion of RRAS?
1. The SERVER should only have the 1 default gateway - check that
2. You need a route to whichever does not hang off the default gateway. So if your in-house LAN is on the same subnet as the default gateway you want to add a route to the VPN network and vice versa
Ok, did an ipconfig on the server and it shows the only gateway is 192.168.111.1 which is the RV042.

The server's private static ip is 192.168.150.254

The DHCP clients get 192.168.150.xxx

The remote site's RV042's private address is 192.168.1.1

The DHCP clients there get 192.168.1.xxx

In static routes there are two NICs to choose from, Public (192.168.111.2) and Private (192.168.150.254).  Should I make a route that is tied to the private card and point that to 192.168.1.1 for the remote site router?

Sorry if I'm not catching on, I was forced into learning about servers due to ours at work crashing...

Thanks again for taking all this time to help me...
ASKER CERTIFIED SOLUTION
Kieran_Burns
This solution is only available to members.
Very cool, I'll give that a try and let you know how it goes...
Alright, I added a static route for the Private adapter.

Destination:  192.168.1.0
Subnet:        255.255.255.0
Gateway:    192.168.1.1

I have 3 computers at the remote office.  From the server I can ping them all by computer name and IP address.  From the DHCP clients behind the server, I can ping one of them by IP address and name; the other two, when I try to ping them by name, time out.  I did notice that when the name is resolved it is coming up with a 192.168.150.xxx instead of a 192.168.1.xxx.  The two that do that had at one point connected with Windows XP VPN software.

From the server I can type in the computer name or IP of the remote VPN computers and it connects.  From the DHCP clients, if I type in the computer name or IP of the remotes, it does not connect...

Fix one thing, and more stuff creeps up....lol

Thanks again...
SOLUTION
This solution is only available to members.
Ahh ok, let me check it out...
You're right, the gateway is 192.168.111.1.  I checked the routing table and with it set at 192.168.1.1 it did not configure, with 192.168.111.1 it did.

So now I just need to mess with the couple of VPN clients that are pulling .150.xxx IP addresses, I can do that without bugging you....

I want to say thanks again for all the help, really appreciate it...
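
Added example, not part of the thread or written by any of its participants: a small Python check of the on-link rule behind the result above, where a static route's gateway has to sit in a subnet directly connected to the interface the route is bound to. The addresses are the ones quoted in the thread; the /24 masks on the server's two NICs and the function name `check_static_route` are assumptions made for this sketch.

```python
import ipaddress

# Server interfaces as described in the thread.
# The /24 prefix lengths are assumed; the thread never states the masks.
INTERFACES = {
    "Public": ipaddress.ip_interface("192.168.111.2/24"),
    "Private": ipaddress.ip_interface("192.168.150.254/24"),
}


def check_static_route(destination, mask, gateway, interface, interfaces=INTERFACES):
    """Return (ok, reason) for a proposed static route.

    The next hop is usable only if it lies in the subnet directly connected
    to the interface the route is bound to; otherwise the host has no way
    to hand a frame to it.
    """
    # strict=True rejects a destination with host bits set (e.g. 192.168.1.5/24).
    dest = ipaddress.ip_network(f"{destination}/{mask}", strict=True)
    gw = ipaddress.ip_address(gateway)
    bound = interfaces[interface]

    if dest.overlaps(bound.network):
        return False, f"{dest} is already directly connected on {interface}"
    if gw == bound.ip:
        return False, "gateway is the server's own address"
    if gw in bound.network:
        return True, f"{gw} is on-link via {interface} ({bound.network})"

    # Not reachable on the bound interface: report where it is reachable, if anywhere.
    for name, iface in interfaces.items():
        if gw in iface.network:
            return False, f"{gw} is on-link via {name}, not {interface}"
    return False, f"{gw} is not on any directly connected subnet"


if __name__ == "__main__":
    attempts = [
        ("192.168.1.1", "Private"),    # first attempt in the thread
        ("192.168.111.1", "Private"),  # right gateway, wrong interface
        ("192.168.111.1", "Public"),   # local RV042 as next hop
    ]
    for gateway, interface in attempts:
        ok, reason = check_static_route("192.168.1.0", "255.255.255.0", gateway, interface)
        print(f"{gateway:>14} on {interface:<7} -> {'OK' if ok else 'REJECT'}: {reason}")
```

The remote router 192.168.1.1 only becomes reachable after traffic has entered the RV042 tunnel, so the server's next hop for 192.168.1.0/24 has to be the local RV042 at 192.168.111.1.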