Assign VPN client an IP on a different LAN Segment

I have a W2K/AD environment w/ a multihomed RAS server acting as my VPN server.
I'm assigning client IPs through the DC's DHCP. Everything works fine. I'd like
to change (through the AD Users & Computers console) the IP of the VPN clients to
be on a different subnet than the LAN. I have IP routing enabled on my RAS
server. What do I have to do to get the clients to see the LAN when
connected if they're on a different LAN seg? For example, the LAN is
192.168.1.*/24 and I assign VPN clients 192.168.0.*/24. Do I have to set up a
static route on the client and the RAS server? Any thoughts would be
appreciated before I actually attempt this.

Thanks!
 
What you need to do is use a static address pool on RRAS.

How to setup VPN How to assign a static IP to VPN client How to configure VPN or Dial-up options How to connect to a Windows domain using Windows VPN at startup ...
www.howtonetworking.com/Windows/vpnsetup.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
As Robert said, you can use a static pool to hand out the IP addresses on
the other network. To access the LAN, I'd say you'll need a router.
Something like this:

VPN Client 192.168.0.3
mask 255.255.255.0
gateway 192.168.0.1
      |
      |--------------192.168.0.1
      |                ROUTER
      |              192.168.1.1
      |                   |
 192.168.0.2              |
 RRAS SERVER              |
 192.168.1.2              |
      |                   |
      |-------------------|
                     192.168.1.5
               Current Internet Router

Assuming your Internet gateway on the LAN is currently 192.168.1.1, you'd
have to re-IP it to something else and the default route in the router above
would be via that new IP. Then you wouldn't have to change anything on
clients. I might pick some less-used networks, since the routers on the
clients' home networks usually give out IP addresses on 192.168.0, 1, or 2.
Maybe something in the 172.16 range. All of the networks would have to be
different for routing to happen. The example above shows the logical
configuration. But the physical plumbing of the router would indeed be
between the NICs on the RRAS server, one on each subnet.

....kurt
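
The point in the reply above, that every network involved has to be different for routing to happen, can be checked before any addresses are changed. This is an added example, not part of the original thread; the plan names, the 172.16 subnets and the candidate list are constructed sample values.

```python
import ipaddress
from itertools import combinations

# Home-router subnets named in the reply (192.168.0, 1 and 2), as /24s.
HOME = {"home-0": "192.168.0.0/24", "home-1": "192.168.1.0/24",
        "home-2": "192.168.2.0/24"}

# Addressing from the original question.
THREAD_PLAN = {"office-lan": "192.168.1.0/24", "vpn-pool": "192.168.0.0/24", **HOME}

# Constructed alternative "in the 172.16 range" (sample values only).
ALT_PLAN = {"office-lan": "172.16.10.0/24", "vpn-pool": "172.16.20.0/24", **HOME}


def overlapping(named_nets):
    """Return sorted (name, name) pairs whose networks share addresses.

    Any pair listed here is ambiguous to a router or to the VPN client:
    traffic for the far side is treated as local and never enters the tunnel.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in named_nets.items()}
    return sorted((a, b) for a, b in combinations(nets, 2)
                  if nets[a].overlaps(nets[b]))


def first_free(candidates, taken):
    """Return the first candidate pool that overlaps none of `taken`, else None."""
    used = [ipaddress.ip_network(c) for c in taken]
    for cand in candidates:
        net = ipaddress.ip_network(cand)
        if not any(net.overlaps(u) for u in used):
            return cand
    return None


if __name__ == "__main__":
    for label, plan in (("thread plan", THREAD_PLAN), ("172.16 plan", ALT_PLAN)):
        clashes = overlapping(plan)
        print(label, "->", clashes if clashes else "no overlaps")
    taken = ["192.168.1.0/24", *HOME.values()]
    print("pool to use:", first_free(
        ["192.168.0.0/24", "192.168.1.128/25", "172.16.20.0/24"], taken))
```

With the addressing from the question, both the office LAN and the VPN pool collide with subnets a client may already have at home, which is why the reply suggests moving to less-used ranges.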
 