I am trying to configure my Windows 2003 R2 based RRAS VPN Servers for DHCP rather than using a static pool. The reasoning is that I need to get the VPN clients into my account domain DNS, and am using the DHCP servers to update DNS on the client
behalf. What I have is this currently configured is below. Currently when I connect to VPN, I do not get an IP address and I do not get DNS/WINS/domain settings. What I think I need to do is:
- Configure the internal firewall to allow with a DHCP helper address of the DHCP servers
- Add a MS Loopback adapter and assign it an IP address that is in the 10.0.82.0/24 IP range
- Choose the above MS Loopback adapter in the "IP" tab of the RRAS server config for the adapter to use
Does this sound correct and is this everything I should have to do?
Current Configuration
=================================================
Network Layout
- Internet
- External ASA Firewall doing NAT
- DMZ
- DMZ domain (dmzadmin.net)
- RRAS Servers
- Internal ASA Firewall
- Internal Network
- Account domain (intusa.net)
- DHCP servers
- Where I want VPN client IPs to be registered in DNS
-----------------------
Domains
- DMZ
- Windows Domain - DMZAdmin
- DNS Domain - dmzadmin.net
- Internal (user accounts and client computer accounts)
- Windows Domain - Intusa
- DNS Domain - intusa.net
- where I want all VPN clients to be registered in DNS by DHCP servers
-----------------------
IP Addressing
- DMZ - 10.0.41.0/24 - gateway 10.0.41.251
- RRAS Servers - 10.0.41.242 (RRASQA01.dmzadmin.net)
- AD DC/GC/DNS Servers (DMZAdmin) - 10.0.41.11 (mydmzgcp01.dmzadmin.net) , 10.0.41.12 (mydmzgcp02.dmzadmin.net)
- Internal Network - 10.0.6.0/24, 10.0.14.0/24, 10.0.82.0/24, 10.8.15.0/24, 10.0.80.0/24
- VPN Client DHCP Pool - 10.0.82.0/24 - gateway 10.0.82.1
- DHCP Servers - 10.0.6.36 (mywin01.intusa.net) , 10.0.6.37 (mywin02.intusa.net)
- RADIUS Servers - 10.0.80.41 (myradius01.intusa.net) , 10.0.80.42 (myradius02.intusa.net)
- AD DC/GC/DNS Servers (Intusa) - 10.0.15.14 (mygcp01.intusa.net) , 10.0.15.15 (mygcp02.intusa.net)
-----------------------
- RRAS Server Configuration (1 of them)
- Servername - RRASQA01.dmzadmin.net
- Windows Domain - DMZAdmin
- NICs - 1
- IP Addresses - 10.0.41.242
- Subnet mask - 255.255.255.0
- Gateway - 10.0.41.251
- PDNS - 10.0.15.14
- SDNS - 10.0.15.15
- DNS Suffix for this connection - blank
- Register this connection in DNS - unchecked
- PWINS - blank
- SWINS - blank
- Disable NetBIOS over TCPIP - checked
=================================================
RRAS Configuration (not working)
- General
- Router
- LAN and demand dial routing
- Remote access server
- Security
- RADIUS Authentication - 10.0.80.41, 10.0.80.42
- RADIUS Accounting - 10.0.80.41, 10.0.80.42
- IP
- Enable IP Routing
- Allow IP-based remote access and demand dial connections
- Dynamic Host Configuration Protocol (DHCP)
- Enable broadcast name resolution
- Network Interfaces (local)
- Public - Dedicated - Enabled - Connected - NIC1
- Loopback - Loopback - Enabled - Connected
- Internal - Internal - Enabled - Connected
- Ports
- Devices
- WAN Miniport(PPPoE)
- Demand-dial routing connections (outbound only)
- WAN Miniport (PPTP)
- Remote access connections (inbound only)
- Demand-dial routing connections (inbound and outbound)
- Phone number for this device - blank
- WAN Miniport (L2TP)
- Remote access connections (inbound only)
- Demand-dial routing connections (inbound and outbound)
- Phone number for this device - blank
- Direct Parallel
- Demand-dial routing connections (inbound and outbound)
- IP Routing
- General - all have Static Filters and Basic Firewall Disabled
- Public - Dedicated - 10.0.41.242 - Up - Operational
- Loopback - Loopback - 127.0.0.1 - Up - Operational
- Internal - Internal - Not available - Unknown - Non-Operational
- Static Routes - none
- DHCP Relay Agent
- Interface - Internal
- Relay Mode - Unknown
- DHCP Servers - 10.0.6.36, 10.0.6.37
- IGMP
- Public - Proxy - Up - 0.0.0.0
- Internal - blank - blank - blank
- Properties
- Enable IGMP - checked
- IGMP Router
- IGMP protocol version - Version 3
- Configure the internal firewall to allow with a DHCP helper address of the DHCP servers
- Add a MS Loopback adapter and assign it an IP address that is in the 10.0.82.0/24 IP range
- Choose the above MS Loopback adapter in the "IP" tab of the RRAS server config for the adapter to use
Does this sound correct and is this everything I should have to do?
Current Configuration
=================================================
Network Layout
- Internet
- External ASA Firewall doing NAT
- DMZ
- DMZ domain (dmzadmin.net)
- RRAS Servers
- Internal ASA Firewall
- Internal Network
- Account domain (intusa.net)
- DHCP servers
- Where I want VPN client IPs to be registered in DNS
-----------------------
Domains
- DMZ
- Windows Domain - DMZAdmin
- DNS Domain - dmzadmin.net
- Internal (user accounts and client computer accounts)
- Windows Domain - Intusa
- DNS Domain - intusa.net
- where I want all VPN clients to be registered in DNS by DHCP servers
-----------------------
IP Addressing
- DMZ - 10.0.41.0/24 - gateway 10.0.41.251
- RRAS Servers - 10.0.41.242 (RRASQA01.dmzadmin.net)
- AD DC/GC/DNS Servers (DMZAdmin) - 10.0.41.11 (mydmzgcp01.dmzadmin.net) , 10.0.41.12 (mydmzgcp02.dmzadmin.net)
- Internal Network - 10.0.6.0/24, 10.0.14.0/24, 10.0.82.0/24, 10.8.15.0/24, 10.0.80.0/24
- VPN Client DHCP Pool - 10.0.82.0/24 - gateway 10.0.82.1
- DHCP Servers - 10.0.6.36 (mywin01.intusa.net) , 10.0.6.37 (mywin02.intusa.net)
- RADIUS Servers - 10.0.80.41 (myradius01.intusa.net) , 10.0.80.42 (myradius02.intusa.net)
- AD DC/GC/DNS Servers (Intusa) - 10.0.15.14 (mygcp01.intusa.net) , 10.0.15.15 (mygcp02.intusa.net)
-----------------------
- RRAS Server Configuration (1 of them)
- Servername - RRASQA01.dmzadmin.net
- Windows Domain - DMZAdmin
- NICs - 1
- IP Addresses - 10.0.41.242
- Subnet mask - 255.255.255.0
- Gateway - 10.0.41.251
- PDNS - 10.0.15.14
- SDNS - 10.0.15.15
- DNS Suffix for this connection - blank
- Register this connection in DNS - unchecked
- PWINS - blank
- SWINS - blank
- Disable NetBIOS over TCPIP - checked
=================================================
RRAS Configuration (not working)
- General
- Router
- LAN and demand dial routing
- Remote access server
- Security
- RADIUS Authentication - 10.0.80.41, 10.0.80.42
- RADIUS Accounting - 10.0.80.41, 10.0.80.42
- IP
- Enable IP Routing
- Allow IP-based remote access and demand dial connections
- Dynamic Host Configuration Protocol (DHCP)
- Enable broadcast name resolution
- Network Interfaces (local)
- Public - Dedicated - Enabled - Connected - NIC1
- Loopback - Loopback - Enabled - Connected
- Internal - Internal - Enabled - Connected
- Ports
- Devices
- WAN Miniport(PPPoE)
- Demand-dial routing connections (outbound only)
- WAN Miniport (PPTP)
- Remote access connections (inbound only)
- Demand-dial routing connections (inbound and outbound)
- Phone number for this device - blank
- WAN Miniport (L2TP)
- Remote access connections (inbound only)
- Demand-dial routing connections (inbound and outbound)
- Phone number for this device - blank
- Direct Parallel
- Demand-dial routing connections (inbound and outbound)
- IP Routing
- General - all have Static Filters and Basic Firewall Disabled
- Public - Dedicated - 10.0.41.242 - Up - Operational
- Loopback - Loopback - 127.0.0.1 - Up - Operational
- Internal - Internal - Not available - Unknown - Non-Operational
- Static Routes - none
- DHCP Relay Agent
- Interface - Internal
- Relay Mode - Unknown
- DHCP Servers - 10.0.6.36, 10.0.6.37
- IGMP
- Public - Proxy - Up - 0.0.0.0
- Internal - blank - blank - blank
- Properties
- Enable IGMP - checked
- IGMP Router
- IGMP protocol version - Version 3