Solved

Few questions regarding DHCP on branch office connected via VPN to head office

Posted on 2013-01-21
Last Modified: 2013-02-12
I am planning to install a Windows Server 2008 R2 server at an office 3000 miles from our head office and connect the two sites with hardware VPNs.

I was then planning to install the DHCP and DNS roles on the server.

Question: would clients at the head office ever be assigned an address from this remote DHCP server?

Is my planned setup the best way for us to connect our offices?
The server will host applications, files and printers.

Accessing the applications purely over VPN without a local server is too slow, and Citrix/Remote Desktop Services is also too slow.
0
Question by:antonioking
10 Comments
 
LVL 20

Accepted Solution

by:
agonza07 earned 500 total points
ID: 38803428
You will need to configure different subnets, and DHCP requests will not traverse subnets unless you manually configure it.

You should be good with your configuration for the most part. Just note that I'm not considering what you do with your files, applications, and everything else you will be putting on the branch server.
0
 
LVL 4

Expert Comment

by:mgpremkumar
ID: 38804046
You mentioned that the server will host applications, files and printers; would these services be using authentication?
0
 

Author Comment

by:antonioking
ID: 38805105
The application will require authentication.

I'm now thinking of using a dial on VPN from the branch office server to dial in to a server at the head office.

The head office cannot ping the IP or name of the branch office in this manner though; how do I resolve this?
0
 
LVL 20

Expert Comment

by:agonza07
ID: 38805621
I would go back to your original thinking and do hardware VPN. That way you can have a different subnet at the branch office.
0
 

Author Comment

by:antonioking
ID: 38805749
Thanks agonza07, I will implement a hardware VPN. However, for now I need to get the sites connected without one.
0

 
LVL 20

Expert Comment

by:agonza07
ID: 38806046
Do you have Win2008 R2 at each site? Multiple NICs available? Can you configure the routers to do passthrough?

Check this out and see if it helps.

http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/450d6149-d8fd-497e-959d-ed9fe332456d/

It's possible to create a site-to-site VPN using just RRAS but you have to be very careful with setting it up. The static routes which route traffic from one site to the other must bind properly to the demand-dial interfaces when the connection is made. You have to set this up manually. Only when this happens will the routing work between sites. Each site must have a static route to the other site through the VPN connection.
 
RRAS Demand-Dial Connections
 http://technet.microsoft.com/en-us/library/dd315852(WS.10).aspx
 
RRAS Demand dial interface <interface name> should support encryption of the data
 http://technet.microsoft.com/en-us/library/ee922630(WS.10).aspx
 
Unable to ping the tunnel address of a Demand Dial Connection on Windows Server 2008 RRAS
 As a best practice recommendation a server hosting RRAS should contain two NICs and be hosted on its own server. This helps keep the networking simple and if the server is compromised it keeps it a step away from sensitive data that may exist on other servers.
 A Quick Review – Setting up a RRAS Demand Dial Connection
 http://blogs.technet.com/b/networking/archive/2008/11/07/unable-to-ping-the-tunnel-address-of-a-demand-dial-connection-on-windows-server-2008-rras.aspx
 
How do I... Configure a network to use demand dial routing?
 http://www.techrepublic.com/article/how-do-i-configure-a-network-to-use-demand-dial-routing/6103901
0
 

Author Comment

by:antonioking
ID: 38806069
Unfortunately one of the servers only has one NIC.
For now I am using a dial-in VPN connection. I've set the server to auto-login as administrator and used Windows Task Scheduler to run rasdial to sign in the VPN connection.
0
 
LVL 20

Expert Comment

by:agonza07
ID: 38806093
Let's break it down again.

Win2008R2 at the branch office with auto-login and rasdial for VPN connection. Right?

You can ping the main office, but the main office can't ping the server at the branch office?

What type of server do you have at the main office?
What IP address are you getting at the branch office for the VPN?
0
 

Author Comment

by:antonioking
ID: 38806142
Yep, Win2008R2 at branch, auto-logon and rasdial for VPN. Works fine.
I can ping the main office; the main office can ping the "assigned IP" but not the actual IP of the local LAN.

Main office is 2008R2 too.
Main office IP range is 192.168.58.0/24
Branch office IP range is 192.168.0.0/16
0
 
LVL 20

Expert Comment

by:agonza07
ID: 38806203
What's the assigned IP? Is it within the main office IP range?

I think you're trying to configure a site-to-site over a dial-in VPN and it doesn't work that way.

The VPN will only work with the assigned IP. If you wanted to route the entire branch network, then you need to do a site-to-site VPN and I've really only done them with hardware VPN units and not on Windows servers.

Check out the links above if you want to try and make it work.
0
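
An added example, not part of any post in this thread: a Python check of a two-site address plan using the ranges quoted above. It reports overlapping subnets, whether a host treats a remote address as on-link, and which sites lack a static route over the VPN. The `192.168.60.0/24` branch range and the route tables are constructed for illustration.

```python
import ipaddress

# Address ranges as quoted in the thread.
THREAD_PLAN = {
    "head": ipaddress.ip_network("192.168.58.0/24"),
    "branch": ipaddress.ip_network("192.168.0.0/16"),
}
# Constructed alternative: the branch range here is a hypothetical choice.
SEPARATE_PLAN = {
    "head": ipaddress.ip_network("192.168.58.0/24"),
    "branch": ipaddress.ip_network("192.168.60.0/24"),
}

def overlapping_sites(plan):
    """Return (site_a, site_b) pairs whose address ranges overlap."""
    names = sorted(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if plan[a].overlaps(plan[b])]

def is_on_link(local_net, dest):
    """True if dest falls inside local_net, so that (absent a more specific
    route) a host there ARPs for it instead of using a gateway or VPN."""
    return ipaddress.ip_address(dest) in local_net

def missing_routes(plan, vpn_routes):
    """vpn_routes maps site -> networks routed over its VPN interface.
    Return (site, remote) pairs with no static route covering the remote."""
    gaps = []
    for site in plan:
        for remote, net in plan.items():
            if remote != site and not any(
                    net.subnet_of(r) for r in vpn_routes.get(site, [])):
                gaps.append((site, remote))
    return gaps

if __name__ == "__main__":
    print("overlaps:", overlapping_sites(THREAD_PLAN))
    # A branch host with a /16 mask sees a head-office address as on-link.
    print("branch sees 192.168.58.10 on-link:",
          is_on_link(THREAD_PLAN["branch"], "192.168.58.10"))
    # Constructed route table: only the head office has its static route.
    routes = {"head": [SEPARATE_PLAN["branch"]], "branch": []}
    print("missing routes:", missing_routes(SEPARATE_PLAN, routes))
```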
