Solved

Few questions regarding DHCP on branch office connected via VPN to head office

Posted on 2013-01-21
Last Modified: 2013-02-12
I am planning to install a Windows Server 2008 R2 server at an office 3000 miles from our head office and connect the two sites with hardware VPNs.

I was then planning to install DHCP and DNS role on the server.

Question: would clients at the head office ever be assigned an address from this remote DHCP server?

Is my planned setup the best way for us to connect our offices?
The server will host applications, files and printers.

Accessing the applications purely over VPN without a local server is too slow, and Citrix/Remote Desktop Services is also too slow.
Question by:antonioking
10 Comments
 
LVL 20

Accepted Solution

by:
agonza07 earned 2000 total points
ID: 38803428
You will need to configure different subnets, and DHCP requests will not traverse subnets unless you manually configure it.

You should be good with your configuration for the most part. Just note that I'm not considering what you do with your files, applications, and everything else you will be putting on the branch server.
 
LVL 4

Expert Comment

by:mgpremkumar
ID: 38804046
You mentioned that the server will host applications, files and printers; would these services be using authentication?
 

Author Comment

by:antonioking
ID: 38805105
The application will require authentication.

I'm now thinking of using a dial-in VPN from the branch office server to dial in to a server at the head office.

The head office cannot ping the IP or name of the branch office in this manner though; how do I resolve this?
 
LVL 20

Expert Comment

by:agonza07
ID: 38805621
I would go back to your original thinking and do hardware VPN. That way you can have a different subnet at the branch office.
 

Author Comment

by:antonioking
ID: 38805749
Thanks agonza07, I will implement a hardware VPN. However, for now I need to get the sites connected without one.
 
LVL 20

Expert Comment

by:agonza07
ID: 38806046
Do you have Win2008 R2 at each site? Multiple NICs available? Can you configure the routers to do passthrough?

Check this out and see if it helps.

http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/450d6149-d8fd-497e-959d-ed9fe332456d/

It's possible to create a site-to-site VPN using just RRAS but you have to be very careful with setting it up. The static routes which route traffic from one site to the other must bind properly to the demand-dial interfaces when the connection is made. You have to set this up manually. Only when this happens will the routing work between sites. Each site must have a static route to the other site through the VPN connection.
 
RRAS Demand-Dial Connections
 http://technet.microsoft.com/en-us/library/dd315852(WS.10).aspx
 
RRAS Demand dial interface <interface name> should support encryption of the data
 http://technet.microsoft.com/en-us/library/ee922630(WS.10).aspx
 
Unable to ping the tunnel address of a Demand Dial Connection on Windows Server 2008 RRAS
 As a best practice recommendation a server hosting RRAS should contain two NICs and be hosted on its own server. This helps keep the networking simple and if the server is compromised it keeps it a step away from sensitive data that may exist on other servers.
 A Quick Review – Setting up a RRAS Demand Dial Connection
 http://blogs.technet.com/b/networking/archive/2008/11/07/unable-to-ping-the-tunnel-address-of-a-demand-dial-connection-on-windows-server-2008-rras.aspx
 
How do I... Configure a network to use demand dial routing?
 http://www.techrepublic.com/article/how-do-i-configure-a-network-to-use-demand-dial-routing/6103901
 

Author Comment

by:antonioking
ID: 38806069
Unfortunately one of the servers only has one NIC.
For now I am using a dial-in VPN connection; I've set the server to auto-login as administrator and used Windows Task Scheduler to run rasdial to sign in the VPN connection.
 
LVL 20

Expert Comment

by:agonza07
ID: 38806093
Let's break it down again.

Win2008 R2 at the branch office with auto-login and rasdial for the VPN connection. Right?

You can ping the main office, but the main office can't ping the server at the branch office?

What type of server do you have at the main office?
What IP address are you getting at the branch office for the VPN?
 

Author Comment

by:antonioking
ID: 38806142
Yep, Win2008 R2 at branch, auto-logon and rasdial for VPN. Works fine.
I can ping the main office; the main office can ping the "assigned IP" but not the actual IP of the local LAN.

Main office is 2008 R2 too.
Main office IP range is 192.168.58.0/24
Branch office IP range is 192.168.0.0/16
 
LVL 20

Expert Comment

by:agonza07
ID: 38806203
What's the assigned IP? Is it within the main office IP range?

I think you're trying to configure a site-to-site over a dial-in VPN, and it doesn't work that way.

The VPN will only work with the assigned IP. If you want to route the entire branch network, then you need to do a site-to-site VPN, and I've really only done them with hardware VPN units and not on Windows servers.

Check out the links above if you want to try and make it work.
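An added planning check, written for this page and not code posted by anyone in the thread, that models the three points the experts make: DHCP broadcasts stay on their subnet unless a relay forwards them (accepted answer), a dial-in client is reachable only at its assigned address (last comment), and a site-to-site link needs a static route for the branch prefix bound to the VPN interface (RRAS answer). The two prefixes are the author's; the branch DHCP server address, the tunnel-assigned IP and the branch host are constructed placeholders, and the head-office routing table is a simplified model with no default route.

```python
from ipaddress import ip_address, ip_network

# Prefixes as the author gave them in the thread; everything else is constructed.
HEAD_OFFICE = ip_network("192.168.58.0/24")
BRANCH = ip_network("192.168.0.0/16")


def prefixes_distinct(a, b):
    """A site-to-site link needs non-overlapping prefixes at both ends."""
    return not ip_network(str(a)).overlaps(ip_network(str(b)))


def dhcp_can_serve(client_net, server_net, relay_targets=()):
    """DHCPDISCOVER is a link-local broadcast, so a server on another subnet
    only sees it if a relay agent on the client's subnet forwards it there.
    relay_targets: server addresses configured on that relay agent."""
    if client_net == server_net:
        return True
    return any(ip_address(t) in server_net for t in relay_targets)


def longest_match(routes, dst):
    """Most-specific route for dst; routes maps prefix -> egress interface."""
    hits = [p for p in routes if ip_address(dst) in p]
    return routes[max(hits, key=lambda p: p.prefixlen)] if hits else None


def head_office_reaches(assigned_ip, branch_host, site_to_site=False):
    """Head-office router view. A dial-in client gets a /32 host route for its
    assigned tunnel address only; the LAN behind it is reachable solely when
    a static route for the branch prefix is bound to the VPN interface."""
    routes = {HEAD_OFFICE: "LAN", ip_network(f"{assigned_ip}/32"): "VPN"}
    if site_to_site:
        routes[BRANCH] = "VPN"  # the static route the RRAS links describe
    return {"assigned": longest_match(routes, assigned_ip),
            "branch_host": longest_match(routes, branch_host)}


if __name__ == "__main__":
    tunnel_ip = "192.168.58.200"  # constructed: address handed out to the dial-in client
    print("distinct prefixes:", prefixes_distinct(HEAD_OFFICE, BRANCH))
    print("branch DHCP serves head office:", dhcp_can_serve(HEAD_OFFICE, BRANCH))
    print("with relay:", dhcp_can_serve(HEAD_OFFICE, BRANCH, ("192.168.0.5",)))
    print("dial-in:", head_office_reaches(tunnel_ip, "192.168.0.10"))
    print("site-to-site:", head_office_reaches(tunnel_ip, "192.168.0.10", True))
    # Overlap trap: a branch host inside 192.168.58.0/24 is treated as local by head office.
    print("overlap:", head_office_reaches(tunnel_ip, "192.168.58.10", True))
```

Note that the two prefixes as given overlap (192.168.58.0/24 lies inside 192.168.0.0/16), which is the case the last call shows: the more specific head-office route wins and that branch host is never sent over the tunnel.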