Masterrer
asked on
Server 2008 R2 does not issue DHCP when connecting from outside the office
Problem Description:
Client running Windows 7 Enterprise connects to Server 2008 R2 (DC, DHCP, DNS, NPS roles) via Sonicwall VPN, but does not receive DHCP from the server.
The Sonicwall VPN is configured to authenticate users via RADIUS and relay DHCP requests to the DC.
RADIUS authentication works just fine.
DHCP has only one scope, and should hand out IP from the same pool as the local office.
My thoughts:
This exact setup used to work just fine on the old 2003 server, which makes me suspect the issue lies in the DC.
Any suggestions on how to troubleshoot this are welcome.
If you need any additional info just ask.
P.S. I tried to make a reservation for the virtual VPN MAC on the server, it had no effect.
ASKER
The document is very outdated, the settings and options described there either no longer exist or have been renamed or moved, but still the answer is Yes.
I am pretty sure the issue is not in the Sonicwall. But if you can tell me how to troubleshoot and pinpoint the problem, I'm listening.
I have tried packet capture, but making sense of it is difficult for me.
I expect it can be a problem with the following component:
Check the Sonicwall configuration for DHCP relay: whether the option is enabled, whether the DHCP server is accessible from the Sonicwall, and whether the DHCP ports are open for the VPN client (546 DHCP Client, 547 DHCP Server).
ASKER
I have performed some packet capture, on the client and on the router:
After establishing the VPN connection, the client sends a DHCP Discover packet to the router.
The router receives that packet and reports it as FORWARDED. It does not, however, state where it is being forwarded, and I don't see any option on the router to trace it further.
DHCP relay is enabled. I don't know how to check if the Sonicwall sees the DHCP server; should I ping a specific port from the Sonicwall?
The firewall on the client is disabled, but I will try to manually add the ports you mentioned.
I am not sure if you have such an option in the Sonicwall to ping an IP based on port, so check if you are able to do this!
Otherwise I recommend connecting your laptop to the same network cable/network port where your Sonicwall is connected, and checking whether you are able to see port 547 open on your DHCP server with a network port scanner!
ASKER
Unfortunately there is no option to ping a specific port with the Sonicwall.
What I did notice though:
Sonicwall has a local IP of 172.20.40.1
DHCP Server has an IP of 172.20.40.10
When I set the Sonicwall to forward DHCP requests to 172.20.40.10, the VPN client does not receive an IP,
but if I set the Sonicwall to use a relay IP address of 172.20.40.200, the VPN client does receive an IP of 172.20.40.100, though it reports "could not find domain controller for this domain" (but that's not as important, because the relay should not be used in my configuration).
Also, the ARP table on the DHCP server reports:
sonicwall LAN mac: 172.20.40.1
same as above: 172.20.40.200
sonicwall WAN mac: 172.20.40.100
The DHCP console, however, lists 172.20.40.100 as having the MAC of the VPN client's NIC, not the Sonicwall WAN MAC.
I don't know what to make of this...
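An added example, not part of the thread, for reading a DHCP capture taken on the DHCP server itself: it decodes the fields that show whether a Discover arrived through a relay (`giaddr`, `hops`) and whose MAC the server records for the lease (`chaddr`). The sample packet, the client MAC and the `/24` scope are constructed assumptions; the relay address 172.20.40.200 is the one from the post above.

```python
import ipaddress
import struct

# DHCPv4 travels over UDP 67 (server/relay) and 68 (client); feed this the UDP payload.
MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Decode the BOOTP header fields and option 53 from a DHCPv4 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCPv4 message")
    op, _htype, hlen, hops, xid = struct.unpack("!BBBBI", payload[:8])
    msg = {"op": op, "hops": hops, "xid": xid, "type": None,
           "giaddr": str(ipaddress.IPv4Address(payload[24:28])),
           "chaddr": payload[28:28 + min(hlen, 16)].hex(":")}
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end of options
        if payload[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1:                # option 53 = message type
            msg["type"] = TYPES.get(payload[i + 2], "unknown")
        i += 2 + length
    return msg

def relay_summary(msg: dict, scope: str) -> dict:
    """Summarise how the server will treat this request."""
    gi = ipaddress.ip_address(msg["giaddr"])
    relayed = not gi.is_unspecified
    return {"type": msg["type"], "relayed": relayed,
            # A relayed reply is unicast back to giaddr, not to the client.
            "reply_goes_to": msg["giaddr"] if relayed else "local segment",
            # The server picks the scope from giaddr; no match means no offer.
            "scope_match": (gi in ipaddress.ip_network(scope)) if relayed else None,
            # A relay leaves chaddr untouched, so the lease shows the client MAC.
            "lease_mac": msg["chaddr"]}

def build_sample(msg_type: int, giaddr: str, mac: str, hops: int) -> bytes:
    """Constructed BOOTREQUEST for the demo (not a real capture)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, hops, 0x1234ABCD, 0, 0x8000)
    addrs = bytes(12) + ipaddress.IPv4Address(giaddr).packed
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    return hdr + addrs + chaddr + bytes(192) + MAGIC + bytes([53, 1, msg_type, 255])

if __name__ == "__main__":
    pkt = build_sample(1, "172.20.40.200", "02:00:00:aa:bb:cc", 1)
    print(relay_summary(parse_dhcp(pkt), "172.20.40.0/24"))
```

If no Discover with a non-zero `giaddr` shows up in the server-side capture at all, the request is being lost between the relay and the server rather than rejected by the DHCP service.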
ASKER
The problem was in the router config, not the DHCP settings.
Good to know your problem is resolved.
Check the following Sonicwall document to re-verify your setup:
http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=TN&id=41