Mark Minasi's Reader Forum
 Firewall DHCP or 2008 DHCP?

Michael
Old Timer

USA
608 Posts

Posted - 08/15/2012 :  09:54:39 AM
I have a 2008R2 AD server with DNS and DHCP running fine. We have a SonicWall for internet access. I have some users that will be using the SonicWall VPN client to connect to the SW from outside. I had to turn on DHCP on the SonicWall to give remote users an IP. (I am looking into options for the SW to point to the server for DHCP.) For now I set the SW to hand out only 10 IPs that are not in the same range as the DHCP of the 2008 server. Both are on the same scheme of 10.0.0.x; the server does 10.0.0.150-10.0.0.199 and the SW hands out 10.0.0.200-210.
Will this cause a problem?

Thanks
Michael

chamezzzz
Honorable But Hopeless Addict

United Kingdom
2297 Posts

Posted - 08/15/2012 :  10:46:16 AM
It is hard to say from your description, the Sonicwall should handle the routing.

How I do it is this way.

On my Windows DHCP Server, I create a second scope with a different IP range than my LAN and I name it VPN users. I reduce the lease time to one day and configure a few more options. The Range is 192.168.88.1 to 192.168.88.100. I exclude 192.168.88.1 as this will be my DHCP relay address for my Sonicwall Gateway.

I enable this scope.

Configure your Sonicwall Central Gateway to send DHCP requests to the server addresses requested below.

At this screen on my Sonicwall I put in the LAN IP of my Windows DHCP Server. Let us assume it is 192.168.1.2 - this is my original LAN DHCP scope 192.168.1.3 - 192.168.1.254

Finally, I put in the Relay IP Address for my new scope in the Sonicwall Configuration.

In my case this is 192.168.88.1 - the scope is from 192.168.88.1 to 192.168.88.100 but I have excluded 192.168.88.1 in my initial configuration. This is my Sonicwall DHCP Relay address. 192.168.88.2 to 192.168.88.100 will be allocated to clients on the Sonicwall VPN.

I do this so I can establish that users are connecting via the Sonicwall VPN Client rather than being located on the LAN.

Hope this helps.

Regards

James

Edited by - chamezzzz on 08/15/2012 4:12:24 PM
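
The two layouts discussed so far, checked side by side as an added example (not code from either poster): Michael's two DHCP servers leasing out of 10.0.0.x, and James's single Windows server with a separate VPN scope. The /24 masks and the server labels are assumptions; the ranges are the ones quoted in the posts.

```python
import ipaddress
from collections import namedtuple
from itertools import combinations

Pool = namedtuple("Pool", "server net start end role")

# Constructed inventory built from the addresses quoted in the thread.
# Assumption: every subnet is a /24; the posts only give "10.0.0.x" style ranges.
MICHAEL = [
    Pool("win2008", "10.0.0.0/24", "10.0.0.150", "10.0.0.199", "LAN"),
    Pool("sonicwall", "10.0.0.0/24", "10.0.0.200", "10.0.0.210", "VPN"),
]
JAMES = [  # one DHCP server, two scopes; the firewall only relays
    Pool("win2008", "192.168.1.0/24", "192.168.1.3", "192.168.1.254", "LAN"),
    Pool("win2008", "192.168.88.0/24", "192.168.88.2", "192.168.88.100", "VPN"),
]

def span(p):
    return int(ipaddress.ip_address(p.start)), int(ipaddress.ip_address(p.end))

def audit(pools):
    """Findings: pool outside its subnet, overlapping pools, two servers on one subnet."""
    findings = []
    for p in pools:
        net = ipaddress.ip_network(p.net)
        if any(ipaddress.ip_address(a) not in net for a in (p.start, p.end)):
            findings.append(("outside-subnet", p.server, p.net))
    for a, b in combinations(pools, 2):
        (a0, a1), (b0, b1) = span(a), span(b)
        if a0 <= b1 and b0 <= a1:
            findings.append(("overlap", a.server, b.server))
        shared = ipaddress.ip_network(a.net).overlaps(ipaddress.ip_network(b.net))
        if shared and a.server != b.server:
            findings.append(("two-servers-one-subnet", a.server, b.server))
    return findings

def classify(ip, pools):
    """Role of the pool an address was leased from, else 'static/unknown'."""
    addr = int(ipaddress.ip_address(ip))
    for p in pools:
        lo, hi = span(p)
        if lo <= addr <= hi:
            return p.role
    return "static/unknown"

def separable_by_subnet(pools):
    """True when a subnet-based firewall or log rule can tell VPN from LAN."""
    lan = [ipaddress.ip_network(p.net) for p in pools if p.role == "LAN"]
    vpn = [ipaddress.ip_network(p.net) for p in pools if p.role == "VPN"]
    return not any(l.overlaps(v) for l in lan for v in vpn)
```

With the separate 192.168.88.x scope, a source address alone identifies a VPN client in firewall rules and logs; with both pools inside 10.0.0.x, only a lookup against the exact lease ranges can.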

Michael
Old Timer

USA
608 Posts

Posted - 08/15/2012 :  9:02:05 PM
Thanks for the reply James.

I like your idea, just not sure if I really understand how to do it.

"It is hard to say from your description, the Sonicwall should handle the routing." Maybe my description of the SW handing out only 10 IPs was misleading. I meant it will only hand out 10 addresses total, as we only have 5 VPN user licenses.

The network is on 10.0.0.x, so you are saying if I create a scope on the server for VPN of 10.0.1.x, it will work? Or do I have to set a route in the SW to make it work?
I am not at work now so I don't have access to the server or SW, I will look at this in the morning when I can see them.

But will it cause a problem on the network with the SW and 2008 server both doing DHCP? Most everything on the LAN has a static IP, but sometimes a laptop user will connect to the inside LAN. How will it know to get an IP from the server and not the SW?

Thanks!
Michael

chamezzzz
Honorable But Hopeless Addict

United Kingdom
2297 Posts

Posted - 08/16/2012 :  12:14:57 AM
Hi Michael,
Yes, Sonicwall can appear frustrating.
I forgot a few things.

I have my Sonicwall configured for LDAP with a Domain Controller.
This is in Users > Settings > Authentication Method for Login.

I have created a dedicated domain account named SonicAdmin for this configuration.

I create a Group in my Active Directory named SonicVPN. And the domain users that are allowed access via the VPN are members of this group.

I do this to avoid maintaining separate local users and accounts on the Sonicwall.

I think you should test this, it won't hurt!

Create a new DHCP scope on your existing Windows DHCP Server - do 192.168.123.1 to 192.168.123.10 - name it VPN users and once created exclude the first address 192.168.123.1.


James

Michael
Old Timer

USA
608 Posts

Posted - 08/20/2012 :  09:39:31 AM
Thanks James, I will look into this.

Have A Great Day!
Michael

chamezzzz
Honorable But Hopeless Addict

United Kingdom
2297 Posts

Posted - 09/03/2012 :  04:50:56 AM
Just bumping this, let me know if you need any help?

James