Sonicwall VPN DHCP to windows server

I have split my network in to several subnets over the weekend, all works fine using IP Helper on my SonicWALL to get my windows server to do DHCP requests for all the subnets.

However I cant get my VPN to work. It keeps getting stuck at "Acquiring IP"

I have DHCP Lease set up. Split Tunnel and a default gateway of 0.0.0.0 set up on the VPN policy

under DHCP over VPN I have forward requests to internal server IP.

Everything else is the same when it was running on the sonicwalls DHCP server but cant get an IP from Windows DHCP.

Any ideas please?
LVL 6
CaptainGibletsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Why not let your Sonicwall give your VPN clients a DHCP address?  You can set a subnet or range for them to connect.
0
Aaron TomoskySD-WAN SimplifiedCommented:
Did you add the subnet to your windows dhcp server?  I don't have mine in front of me at the moment but I have this exact setup working just fine. Whatever range the Vpn is setup for needs to be created on the windows side and it will work.
0
getzjdCommented:
Is your Windows DHCP server on the same subnet as X0?  If not, have you verified that there is a route to the subnet of the DHCP server and that the user group for those VPN users has access to that subnet under local groups?
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

CaptainGibletsAuthor Commented:
@nappy - dhcp server cannot be running on the sonicwqll for dhcp relay to work

@Aaron, what do you put in your default gate way / relay address? I used to have 0.0.0.0 in default gateway and the beginning of the dhcp address range in dhcp relay.

@getzjd - if you use io helper you don't need to be on the same subnet
0
CaptainGibletsAuthor Commented:
Also, if I turn off use internal DHCP, set the relay IP as 0.0.0.0 and forward requests to my internal DHCP server then it just sticks at "Acquiring IP" on GVC.
0
CaptainGibletsAuthor Commented:
So I was playing around today with settings, and I noticed that one of my external users were connected with an IP address.... Turns out that both machines I was using to test VPN were having issues and couldn't get a DHCP address, but it wasn't because of the SonicWALL.

1 question I still have though, how can I change what pool my VPN users get an address from. At the moment my setup looks like this.

192.168.200.x - Server subnet
192.168.202.x - LAN user subnet
192.168.198.x - VLAN I have created on same interface as 202 which I want VPN users to go on.

So I have created the DHCP pools for 202 and 198, but when my users connect to VPN they are getting an IP on the 202 subnet. I cant see any options to pick which pool they get a lease from.
0
getzjdCommented:
I have never done this with our Sonicwalls, but give this a shot

-Create a VLAN subinterface on 192.168..198.x (which it looks like you have already done)
- Configure a DHCP pool for the 192.168.198.x subnet on the Windows server
- Ensure the Windows DHCP server has a presence on the 192.168.198.x network and is listening
- Configure the IP Helper address to send requests to the address of the DHCP server on the 192.168.198.x network
-Ensure the 192.168.198.x scope is permitted in the groups for VPN access on the Sonicwall.
0
CaptainGibletsAuthor Commented:
I thought the whole point of ip helper is to forward the broadcast requests via the firewall so you don't have to have a presence on the network, this is how all my other dhcp pills work, and its currently how vpn works but its getting an address from the wrong pool I want to get one from the vlan interface not the mainone
0
Aaron TomoskySD-WAN SimplifiedCommented:
ok, so I have a working one in front of me now and here is how I'm successfully using it:

vpn->dhcp over vpn
check "send dhcp requests to server..."
add one or more dhcp servers (I have two in a load balance)
then for the relay ip, I use what the interface IP would be if I had to make a vpn interface. so if my scheme was 10.10.vlan.x where .1 was the gateway, I'm using 10.10.70.1 even though I don't have a 70 vlan or made this interface anywhere.

Then on my windows dhcp servers, I made the .70.x subnet.

I didn't enable ip helper for this at all, I used to use ip helper in the sonicwall when it had my other vlans but I've sinced moved to a layer3 switch for that. I didn't have to tell it about vlan 70 or the .70.1 interface either.

Let me know if you have any more questions, this was a total lets see what happens if I put this in here and it worked. The documentation was pretty weak.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CaptainGibletsAuthor Commented:
I managed to get it working in the end, this is the correct answer.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.