Few questions regarding DHCP on branch office connected via VPN to head office

I am planning to install a Windows Server 2008 R2 server at an office 3000 miles from our head office and connect the two sites with hardware VPNs.

I was then planning to install the DHCP and DNS roles on the server.

Question: would clients at the head office ever be assigned an address from this remote DHCP server?

Is my planned setup the best way for us to connect our offices?
The server will host applications, files and printers.

Accessing the applications purely over VPN without a local server is too slow, and Citrix/Remote Desktop Services is also too slow.
antonioking Asked:
 
agonza07 Commented:
You will need to configure different subnets, and DHCP requests will not traverse subnets unless you manually configure it.

You should be good with your configuration for the most part. Just note that I'm not considering what you do with your files, applications, and everything else you will be putting on the branch server.
0
 
mgpremkumar Commented:
You mentioned that the server will host applications, files and printers. Would these services be using authentication?
0
 
antonioking (Author) Commented:
The application will require authentication.

I'm now thinking of using a dial on VPN from the branch office server to dial in to a server at the head office.

The head office cannot ping the IP or name of the branch office in this manner, though. How do I resolve this?
0

 
agonza07 Commented:
I would go back to your original thinking and do hardware VPN. That way you can have a different subnet at the branch office.
0
 
antonioking (Author) Commented:
Thanks agonza07, I will implement a hardware VPN. However, for now I need to get the sites connected without one.
0
 
agonza07 Commented:
Do you have Win2008 R2 at each site? Multiple NICs available? Can you configure the routers to do passthrough?

Check this out and see if it helps.

http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/450d6149-d8fd-497e-959d-ed9fe332456d/

It's possible to create a site-to-site VPN using just RRAS but you have to be very careful with setting it up. The static routes which route traffic from one site to the other must bind properly to the demand-dial interfaces when the connection is made. You have to set this up manually. Only when this happens will the routing work between sites. Each site must have a static route to the other site through the VPN connection.
 
RRAS Demand-Dial Connections
 http://technet.microsoft.com/en-us/library/dd315852(WS.10).aspx
 
RRAS Demand dial interface <interface name> should support encryption of the data
 http://technet.microsoft.com/en-us/library/ee922630(WS.10).aspx
 
Unable to ping the tunnel address of a Demand Dial Connection on Windows Server 2008 RRAS
 As a best practice recommendation a server hosting RRAS should contain two NICs and be hosted on its own server. This helps keep the networking simple and if the server is compromised it keeps it a step away from sensitive data that may exist on other servers.
 A Quick Review – Setting up a RRAS Demand Dial Connection
 http://blogs.technet.com/b/networking/archive/2008/11/07/unable-to-ping-the-tunnel-address-of-a-demand-dial-connection-on-windows-server-2008-rras.aspx
 
How do I... Configure a network to use demand dial routing?
 http://www.techrepublic.com/article/how-do-i-configure-a-network-to-use-demand-dial-routing/6103901
0
 
antonioking (Author) Commented:
Unfortunately one of the servers only has one NIC.
For now I am using a dial-in VPN connection. I've set the server to auto-login as administrator and used Windows Task Scheduler to run rasdial to sign in to the VPN connection.
0
 
agonza07 Commented:
Let's break it down again.

Win2008R2 at the branch office with auto-login and rasdial for VPN connection. Right?

You can ping the main office, but the main office can't ping the server at the branch office?

What type of server do you have at the main office?
What IP address are you getting at the branch office for the VPN?
0
 
antonioking (Author) Commented:
Yep, Win2008 R2 at branch, auto-logon and rasdial for VPN. Works fine.
I can ping the main office, and the main office can ping the "assigned IP" but not the actual IP of the local LAN.

Main office is 2008 R2 too.
Main office IP range is 192.168.58.0/24
Branch office IP range is 192.168.0.0/16
0
 
agonza07 Commented:
What's the assigned IP? Is it within the main office IP range?

I think you're trying to configure a site-to-site over a dial-in VPN and it doesn't work that way.

The VPN will only work with the assigned IP. If you wanted to route the entire branch network, then you need to do a site-to-site VPN, and I've really only done them with hardware VPN units and not on Windows servers.

Check out the links above if you want to try and make it work.
0
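
Added example, not part of any participant's post: the advice in the thread is that each site needs a different subnet and a static route to the other site. The Python sketch below checks the posted site ranges for overlap before deriving the per-site route list; the function names, the host address 192.168.58.10 and the replacement branch range 192.168.60.0/24 are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Site ranges exactly as posted in the thread.
POSTED = {"head": "192.168.58.0/24", "branch": "192.168.0.0/16"}
# Constructed alternative: branch moved to a range outside the head office /24.
REVISED = {"head": "192.168.58.0/24", "branch": "192.168.60.0/24"}


def find_conflicts(sites):
    """Return (site_a, site_b, reason) for every pair of overlapping prefixes."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    conflicts = []
    for a, b in combinations(sorted(nets), 2):
        if not nets[a].overlaps(nets[b]):
            continue
        if nets[a] == nets[b]:
            reason = "identical ranges"
        elif nets[a].subnet_of(nets[b]):
            reason = f"{a} lies inside {b}"
        else:
            reason = f"{b} lies inside {a}"
        conflicts.append((a, b, reason))
    return conflicts


def is_on_link(host, local_prefix):
    """True if an interface configured with local_prefix treats host as
    directly attached (connected route) instead of sending it to a gateway."""
    return ipaddress.ip_address(host) in ipaddress.ip_network(local_prefix)


def static_routes(sites):
    """Map each site to the remote prefixes it must route over the VPN.
    Raises ValueError when any two site ranges overlap."""
    conflicts = find_conflicts(sites)
    if conflicts:
        raise ValueError("; ".join(reason for _, _, reason in conflicts))
    return {site: sorted(cidr for other, cidr in sites.items() if other != site)
            for site in sites}


if __name__ == "__main__":
    print(find_conflicts(POSTED))                          # overlap report
    print(is_on_link("192.168.58.10", POSTED["branch"]))   # constructed host
    print(static_routes(REVISED))                          # routes per site
```

With the posted ranges the head office /24 sits inside the branch /16, so a branch interface using that mask treats head office addresses as directly attached.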