Solved

Few questions regarding DHCP on branch office connected via VPN to head office

Posted on 2013-01-21
Last Modified: 2013-02-12
I am planning to install a Windows Server 2008 R2 server at an office 3000 miles from our head office and connect the two sites with hardware VPNs.

I was then planning to install the DHCP and DNS roles on the server.

Question: would clients at the head office ever be assigned an address from this remote DHCP server?

Is my planned setup the best way for us to connect our offices?
The server will host applications, files and printers.

Accessing the applications purely over VPN without a local server is too slow, and Citrix/Remote Desktop Services is also too slow.
Question by:antonioking
10 Comments
 
LVL 20

Accepted Solution

by:
agonza07 earned 500 total points
ID: 38803428
You will need to configure different subnets, and DHCP requests will not traverse subnets unless you manually configure it.

You should be good with your configuration for the most part. Just note that I'm not considering what you do with your files, applications, and everything else you will be putting on the branch server.
0
 
LVL 4

Expert Comment

by:mgpremkumar
ID: 38804046
You mentioned that the server will host applications, files and printers. Would these services be using authentication?
0
 

Author Comment

by:antonioking
ID: 38805105
The application will require authentication.

I'm now thinking of using a dial on VPN from the branch office server to dial in to a server at the head office.

The head office cannot ping the IP or name of the branch office in this manner though. How do I resolve this?
0
 
LVL 20

Expert Comment

by:agonza07
ID: 38805621
I would go back to your original thinking and do hardware VPN. That way you can have a different subnet at the branch office.
0
 

Author Comment

by:antonioking
ID: 38805749
Thanks agonza07, I will implement a hardware VPN. However, for now I need to get the sites connected without one.
0
 
LVL 20

Expert Comment

by:agonza07
ID: 38806046
Do you have Win2008 R2 at each site? Multiple NICs available? Can you configure the routers to do passthrough?

Check this out and see if it helps.

http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/450d6149-d8fd-497e-959d-ed9fe332456d/

It's possible to create a site-to-site VPN using just RRAS but you have to be very careful with setting it up. The static routes which route traffic from one site to the other must bind properly to the demand-dial interfaces when the connection is made. You have to set this up manually. Only when this happens will the routing work between sites. Each site must have a static route to the other site through the VPN connection.
 
RRAS Demand-Dial Connections
 http://technet.microsoft.com/en-us/library/dd315852(WS.10).aspx
 
RRAS Demand dial interface <interface name> should support encryption of the data
 http://technet.microsoft.com/en-us/library/ee922630(WS.10).aspx
 
Unable to ping the tunnel address of a Demand Dial Connection on Windows Server 2008 RRAS
 As a best practice recommendation a server hosting RRAS should contain two NICs and be hosted on its own server. This helps keep the networking simple and if the server is compromised it keeps it a step away from sensitive data that may exist on other servers.
 A Quick Review – Setting up a RRAS Demand Dial Connection
 http://blogs.technet.com/b/networking/archive/2008/11/07/unable-to-ping-the-tunnel-address-of-a-demand-dial-connection-on-windows-server-2008-rras.aspx
 
How do I... Configure a network to use demand dial routing?
 http://www.techrepublic.com/article/how-do-i-configure-a-network-to-use-demand-dial-routing/6103901
0
 

Author Comment

by:antonioking
ID: 38806069
Unfortunately one of the servers only has one NIC.
For now I am using a dial-in VPN connection. I've set the server to auto-login as administrator and used Windows Task Scheduler to run rasdial to sign in the VPN connection.
0
 
LVL 20

Expert Comment

by:agonza07
ID: 38806093
Let's break it down again.

Win2008R2 at the branch office with auto-login and rasdial for VPN connection. Right?

You can ping the main office, but the main office can't ping the server at the branch office?

What type of server do you have at the main office?
What IP address are you getting at the branch office for the VPN?
0
 

Author Comment

by:antonioking
ID: 38806142
Yep, Win2008 R2 at branch, auto-logon and rasdial for VPN. Works fine.
I can ping the main office, and the main office can ping the "assigned IP" but not the actual IP of the local LAN.

Main office is 2008 R2 too.
Main office IP range is 192.168.58.0/24
Branch office IP range is 192.168.0.0/16
0
 
LVL 20

Expert Comment

by:agonza07
ID: 38806203
What's the assigned IP? Is it within the main office IP range?

I think you're trying to configure a site-to-site over a dial-in VPN and it doesn't work that way.

The VPN will only work with the assigned IP. If you wanted to route the entire branch network, then you need to do a site-to-site VPN and I've really only done them with hardware VPN units and not on Windows servers.

Check out the links above if you want to try and make it work.
0
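
The accepted answer calls for different subnets at each site, and the quoted RRAS guidance says each site needs a static route to the other. The following is an added example, not code from any participant in this thread: it checks the two ranges posted above for overlap and lists the routes a non-overlapping plan would need. The 192.168.60.0/24 branch prefix and the `vpn-to-...` interface names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Ranges exactly as posted in the thread.
POSTED = {"head": "192.168.58.0/24", "branch": "192.168.0.0/16"}
# Constructed alternative: a branch prefix that does not cover the head office.
FIXED = {"head": "192.168.58.0/24", "branch": "192.168.60.0/24"}


def find_overlaps(sites):
    """Return (site_a, site_b, relation) for every pair of LANs that overlap."""
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in sites.items()}
    problems = []
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if not na.overlaps(nb):
            continue
        # CIDR blocks that overlap are either equal or nested.
        if na == nb:
            relation = f"{a} and {b} are identical"
        elif na.subnet_of(nb):
            relation = f"{a} is inside {b}"
        else:
            relation = f"{b} is inside {a}"
        problems.append((a, b, relation))
    return problems


def static_routes(sites):
    """Per site, the (destination, netmask, interface) routes to every other
    site. Refuses to build a plan while any two LANs overlap."""
    problems = find_overlaps(sites)
    if problems:
        raise ValueError("overlapping LANs: " + "; ".join(p[2] for p in problems))
    routes = {}
    for here in sites:
        routes[here] = []
        for there, cidr in sites.items():
            if there == here:
                continue
            net = ipaddress.ip_network(cidr)
            # Interface name is hypothetical; use the demand-dial interface name.
            routes[here].append(
                (str(net.network_address), str(net.netmask), f"vpn-to-{there}"))
    return routes


if __name__ == "__main__":
    print(find_overlaps(POSTED))
    print(static_routes(FIXED))
```

With the posted ranges the head office /24 sits inside the branch /16, so branch hosts using a /16 mask treat 192.168.58.x as local and never hand that traffic to the VPN gateway.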

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
TLS 1.0 & Windows 7 - How to disable? 16 128
ESXi vmnic Stand By Status 3 60
pfsense upgrade from 2.2.6 to 2.3.3 28 30
DHCP behind catalyst 3750 POE-48 2 18
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question