Setting up DHCP

We went away from DHCP 6 or 7 years ago because of a suggestion from an auditor. We've recently went from a 1 location office to 3 in the past couple of months and it's getting to be more difficult to handle IP issues with the other locations. We have a handful of users with laptops that travel between the different offices and I'd like them to just be able to dock their laptop and be connected to the network without having to re-IP their laptop. We're using SBS 2011 for a domain controller for 2 of the offices and an SBS 2003 for the other office. How do I set it so that these users can go to any office and grab an IP? Thanks.
itgolferAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Wayne88Commented:
You can set the router (use any Windows Server) at each remote location to be the local DHCP server then have remote users VPN into the main office.  Once inside the VPN then they can reach the domain controller at the main office.  This way, each remote office is managing their own IP pool and independent from having the main office assigning IP addresses.  This is how most remote branches are setup.

Each time your remote users connect to a different network they will have to "re-IP" to connect to that network.   Can you clarify the problem you're having and what you meant by not wanting to "re-IP"?
0
itgolferAuthor Commented:
OK, I'll try to clarify. I did setup our SBS in our main office to allow about 10 IPs via DHCP and that's working.  Our other office that connects to this same SBS is on a different subnet so do I need to add that subnet in the SBS DHCP screen?

When I say re-IP, right now when they go to a different office, they're manually changing their static to the subnet of that office. I think if I can get the DHCP working between the 3, they should just be able to plugin and connect without having to manually do it, right?
0
Curt PetriccaIT TechnicianCommented:
I have a suggestion similar to Wayne88. My solution would add security to his initial plan. I would look into creating a single DHCP server at the main office that provides IPs for ONLY the main office. After that I would establish VLANS to isolate sensitive areas and either static those IPs or create a additional pool in the DHCP server. After that I would enable DHCP on the routers at the remote sites and then create a VPN connection back to the main office with the appropriate VLANS and network statements. This will give you the security your initial auditor probably had in mind by isolating your remote office IPs from the main office's IPs but still allowing ease of management and end user connectivity.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Wayne88Commented:
Sorry, I am still not clear.  Please provide answers to the following questions:

-How are your remote users connecting to the SBS (main office)?
-Do you have VPN or dedicated line to the main office?
-Why are they manually changing their static to the subnet of that office?  If the remote branch have a local DHCP server then the laptop will pick up the IP settings as long as it's also set to retrieve IP settings from the DHCP server.
-May I also ask why they "need" to be in a separate subnet when remoting in to the main office?

Normally the remote users will connect to the main office via VPN.   Once they VPN into then the VPN application/server will talk to the DHCP server at the main office (your SBS) and assign an IP settings for that user.  This is transparent to the users and my users never needed to change the IP address manually for any reasons.

Also, I agree with Curt that if you have sensitive data you want to prevent remote users access from then you will need to create VLANs, different subnets and firewall rules, etc.   If not, then just let the remote users VPN into the main office subnet so that they can access the network resources at the main office (e.g. shared drives, etc.)

But your issue is with the remote users having to change their subnet each time they go to a remote location and this is the part that I am not understanding because that sounds like the VPN wasn't properly configured for the VPN client to retrieve an IP address from the DHCP server at the main office.  This is why we need to understand how are your remote users connecting to the main office?
0
itgolferAuthor Commented:
-How are your remote users connecting to the SBS (main office)?
-Do you have VPN or dedicated line to the main office?
-Why are they manually changing their static to the subnet of that office?  If the remote branch have a local DHCP server then the laptop will pick up the IP settings as long as it's also set to retrieve IP settings from the DHCP server.
-May I also ask why they "need" to be in a separate subnet when remoting in to the main office?
-We have a firewall at each office that has a VPN tunnel to the main location.
-Only 2 of the offices have a local DHCP server, the other connects to the server at our main location. We haven't migrated the users from the newest office off of their server yet, so it will eventually get to 1 server for all 3 branches.
-We have each location on a different network because of the number of devices. When we went from 1 office to 2, we didn't have enough IPs for the new office. Main office is 192.168.10.x, Office 2 is 192.168.30.x and Office 3 (logs into their own server) is 172.16.1.x.

Hope that helps. I'm not very good at explaining it.
0
Wayne88Commented:
Ok, so if each branch office is hosting their own DHCP pool (thus they do have their own DHCP server) then naturally when the remote users visit a branch they will retrieve an IP address from a local DHCP server.

There is a tab called "alternate configuration" in the TCP/IP settings.  This can help you get around of having to "re-IP".  Simply set one for DHCP and another as STATIC IP.

Alternate IP Address Configuration: http://www.eightforums.com/tutorials/29241-ip-address-enable-alternate-configuration.html

If using other Windows version then search for a similar configuration for your Windows version.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DHCP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.