Solved

Server 2008 R2 does not issue DHCP when connecting from outside the office

Posted on 2011-09-14
Last Modified: 2012-08-13
Problem Description:
Client running Windows 7 Enterprise connects to Server 2008 R2 (DC, DHCP, DNS, NPS roles) via Sonicwall VPN, but does not receive DHCP from the server

The Sonicwall VPN is configured to authenticate users via RADIUS and relay DHCP requests to the DC.

RADIUS authentication works just fine.
DHCP has only one scope, and should hand out IP from the same pool as the local office.

My thoughts:
This exact setup used to work just fine on the old 2003 server, which makes me suspect the issue lies in the DC.

Any suggestions on how to troubleshoot this are welcome
If you need any additional info just ask.

P.S. I tried to make a reservation for the virtual VPN MAC on the server, it had no effect.
0
Comment
Question by:Masterrer
10 Comments
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36535900
Are you sure you are configuring the correct option?

Check the following SonicWall document to re-verify your setup:

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=TN&id=41
0
 

Author Comment

by:Masterrer
ID: 36536031
The document is very outdated, the settings and options described there either no longer exist or have been renamed or moved, but still the answer is Yes.

I am pretty sure the issue is not in the Sonicwall. But if you can tell me how to troubleshoot and pinpoint the problem, I'm listening.
I have tried packet capture, but making sense of it is difficult for me.
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36536364
I expect it can be a problem with the following component:

Check the Sonicwall configuration with DHCP relay: whether the option is enabled, whether the DHCP server is accessible for the Sonicwall, and whether the DHCP ports are open for the VPN client (546 DHCP Client, 547 DHCP Server).
0
 

Author Comment

by:Masterrer
ID: 36536453
I have performed some packet capture, on the client and on the router:

After establishing the VPN connection, client sends a DHCP Discover Packet to the router
Router receives that packet and reports it as FORWARDED, it does not however state where it is being forwarded, and I don't see any option on the router to trace it further

DHCP relay is enabled, I don't know how to check if the sonicwall sees the DHCP server, should I ping a specific port from the sonicwall?

The firewall on the client is disabled, but I will try to manually add the ports you mentioned.
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36536630
I am not sure if you have such an option in the Sonicwall to ping an IP based on port, so check if you are able to do this!

Otherwise I recommend connecting your laptop to the same network cable/network port where your Sonicwall is connected, and checking if you are able to see port 547 open on your DHCP server via some network port scanner!

0
 

Author Comment

by:Masterrer
ID: 36537902
Unfortunately there is no option to ping a specific port with the Sonicwall.

What I did notice though:
Sonicwall has a local IP of 172.20.40.1
DHCP Server  has an IP of 172.20.40.10

When I set the Sonicwall to forward DHCP requests to 172.20.40.10, the VPN client does not receive an IP.

But if I specify the Sonicwall to use a relay IP address 172.20.40.200, the VPN client does receive an IP of 172.20.40.100, though it reports "could not find domain controller for this domain" (but that's not as important, because the relay should not be used in my configuration).

Also the arp table on the dhcp server reports
sonicwall LAN mac:   172.20.40.1
same as above:         172.20.40.200
sonicwall WAN mac:  172.20.40.100

The DHCP console, however, lists 172.20.40.100 as having the MAC of the VPN client's NIC, not the Sonicwall WAN MAC.

I don't know what to make of this...
0
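Added example, not part of the original thread: a Python parser for the DHCPv4 payload bytes exported from a capture like the ones described above. It shows the fields a relay sets (`giaddr`, `hops`) and the `chaddr` client MAC that the server records the lease under, which is carried inside the payload and is independent of the MAC seen in ARP. The sample packet and the client MAC 02:00:00:aa:bb:cc are constructed; 172.20.40.1 is the Sonicwall LAN address given in the post.

```python
import socket
import struct

# DHCPv4 (RFC 2131): 236-byte BOOTP header, 4-byte magic cookie, then options.
# Servers and relay agents use UDP 67, clients UDP 68.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Return the fields that show whether and how a packet was relayed."""
    end = BOOTP.size + 4
    if len(payload) < end or payload[BOOTP.size:end] != MAGIC:
        raise ValueError("not a DHCPv4 payload")
    (op, _htype, hlen, hops, _xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, giaddr, chaddr, _sname, _file) = BOOTP.unpack_from(payload)
    if hlen > 16:
        raise ValueError("bad hardware address length")
    options, i = {}, end
    while i < len(payload) and payload[i] != 255:   # 255 = end of options
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    msg_type = (options.get(53) or b"\0")[0]        # option 53 = DHCP message type
    return {
        "op": "request" if op == 1 else "reply",
        "type": MSG_TYPES.get(msg_type, "unknown"),
        "hops": hops,                               # incremented by each relay
        "giaddr": socket.inet_ntoa(giaddr),         # relay address; server picks the scope from it
        "relayed": giaddr != bytes(4),
        "client_mac": chaddr[:hlen].hex(":"),       # chaddr: what the lease is recorded under
        "yiaddr": socket.inet_ntoa(yiaddr),         # address offered (replies only)
    }

def sample_discover(giaddr: str, hops: int) -> bytes:
    """Constructed DISCOVER, not a real capture; the client MAC is made up."""
    header = BOOTP.pack(1, 1, 6, hops, 0x1234ABCD, 0, 0x8000, bytes(4), bytes(4),
                        bytes(4), socket.inet_aton(giaddr),
                        bytes.fromhex("020000aabbcc"), b"", b"")
    return header + MAGIC + bytes([53, 1, 1, 255])

if __name__ == "__main__":
    print("client side:", parse_dhcp(sample_discover("0.0.0.0", 0)))
    print("server side:", parse_dhcp(sample_discover("172.20.40.1", 1)))
```

Comparing the same DISCOVER on the client side and on the server side shows whether the relay filled in `giaddr` and whether the packet reached the DHCP server at all.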
 
LVL 8

Assisted Solution

by:Amitabh Singh
Amitabh Singh earned 400 total points
ID: 36558923
I think it's a problem of network masking. What network mask are you using for this network?

Are you using subnetting?

         Network IP     Valid IP                        Broadcast IP     Next network start
/25      172.20.40.0    172.20.40.1 to 172.20.40.127    172.20.40.128    172.20.40.129
/26      172.20.40.0    172.20.40.1 to 172.20.40.191    172.20.40.192    172.20.40.193

If you are using subnetting and a mask like those shown in the list, then because of that VPN clients are getting an IP when your public network differs from your private network. If this is the problem, you are able to use any IP from the next network and it will start to work. Example: use IP 172.20.40.130 if you are using subnet mask 255.255.255.128, or 172.20.40.194 if you are using subnet mask 255.255.255.192, and it will work. If this was the problem in your case, then you need to redesign your IP topology ;)
0
 

Accepted Solution

by:
Masterrer earned 0 total points
ID: 36915635
The problem was in the Sonicwall User Permissions,
RADIUS users did not have permissions to access other subnets

Thanks for the help!
0
 

Author Closing Comment

by:Masterrer
ID: 36941014
The problem was in router config, not DHCP settings
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36915660
Good to know your problem is resolved.
0
