RE: IP Address Assignment for VPN clients.

  • From: "William Holmes" <wtholmes@xxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 1 Dec 2004 21:45:48 -0500

Hello,

I would like to use a real DHCP server so that the clients get configured
correctly. It has been my experience that when using the static pool other
DHCP options are not correctly configured. In particular DNS and WINS servers
do not get configured to override the DHCP and WINS servers that were
configured prior to the VPN tunnel being set up.

Bill 

-----Original Message-----
From: Joe Pochedley [mailto:joepochedley@xxxxxxxxx] 
Sent: Wednesday, December 01, 2004 11:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IP Address Assignment for VPN clients.

http://www.ISAserver.org

William,

If you want to use a separate address pool for the VPN connections, then why
don't you just set it up that way on the RRAS server?  The "static pool"
essentially acts like DHCP just for the VPN/RRAS clients...

Why do you want to complicate it more than necessary?

Joe Pochedley
A computer terminal is not some clunky old television with a typewriter in
front of it. It is an interface where the mind and body can connect with the
universe and move bits of it about. -Douglas Adams 

-----Original Message-----
From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx]
Sent: Wednesday, December 01, 2004 9:48 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] IP Address Assignment for VPN clients.

Hello,

When configuring a VPN server you are given two choices for address
assignment. The first is DHCP and the second is a static address pool.
When configured to use a static pool you can essentially assign any subnet to
the VPN network.  However if you want to use DHCP you are required to choose
a network adapter from which to assign addresses.

If you choose to use the Internal Interface then your VPN clients will share
the address space of the internal network. 

I would like to use DHCP for address assignment and still have the VPN
network set up in its own address space. However, this does not seem to be
possible.  If I enable the DHCP relay agent on the VPN server and point it at
my DHCP server there is no way to tell the VPN interface when you make your
request "use this subnet". Instead it will use the subnet associated with the
adapter chosen on the IP property page.

If I am reading this correctly: Choosing a specific adapter is the only way
to configure the TCP/IP parameters of the VPN pseudo interface. In other words,
it is the only way to decide which subnet VPN clients will use.

Is there another way?  The only thing I can think to do is add another
network adapter to my server and use it as the configuration adapter.
However this complicates things quite a bit and will require changing my ISA
server's config quite a bit.

Is there a way to use DHCP and assign the IP subnet to a VPN interface
without using a "Real" Interface?

Thanks

Bill  

William Holmes (MCP)
Department of Computer Science
310 Upson Hall
Cornell University
Ithaca, NY 14853
wtholmes@xxxxxxxxxxxxxx
607 255-1757 (o) 607 227-6049 (c)
 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading Network
Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

