Well, just setting up a scope for a different IP subnet of the same size
won't help. That would just force all the machines to get a different IP
address, but you would still have a limit of about 250 IPs.

To get more IPs available you need to change the netmask (not
recommended) or segment your network. That means having two segments which
are in different IP subnets joined by a router. This will mean
considerable changes to your local LAN. It will also mean changing the way
your VPN clients connect. The system you are using (on-subnet addresses from
DHCP on the LAN) is not suitable for a segmented network.

Ideally you would end up with three IP subnets. Two would be on the LAN
and could be handled by one DHCP server. The router between the subnets
could act as a DHCP relay device. The remote users would be in their own IP
subnet with addresses coming from an address pool set up in RRAS.

You are really pushing the limits of a one server setup here. I would
think it time to look at splitting the routing off from the DC. Something
like this.

                  Internet
                     |
               RRAS (or ISA)----------> VPN (192.168.3.0/24)
                     |
        --------------------------
        |                        |
 192.168.1.1 dg blank     192.168.2.1 dg blank
        |                        |
   existing LAN               new LAN
  (including DC)            192.168.2.x
   192.168.1.x              dg 192.168.2.1
   dg 192.168.1.1

Rogene wrote:
> Hi Bill,
>
> That would help but we still need more IP addresses available for
> DHCP. If I do what you are suggesting it will help, but I still need
> to have more IP's. How would you accomplish expanding the IP's?
>
> Thanks,
> Rogene
>
> "Bill Grant" wrote:
>
>> I would not use DHCP at all for that. I would leave the current
>> scope for the LAN machines to use and set up an address pool in RRAS
>> for the remote users.
>>
>> Using a different IP subnet for the remote users means that you
>> have to make a few changes to your setup. You need to enable IP
>> routing on the RRAS server. You may also need extra routing on the
>> LAN if the RRAS router is not the default gateway of your LAN. If
>> the default gateway is some other device, that is where the traffic
>> for the remotes will go. You need to redirect it to the RRAS router
>> to be encapsulated and encrypted first.
>>
>> Rogene wrote:
>>> When trying to log on to the PC's locally we are receiving an error
>>> that the domain is not available.
>>>
>>> My original plan was to use 192.168.1.0/24 for DHCP addresses and
>>> 192.168.2.0/24 for static addresses. Is there a fix for this or
>>> should I have accomplished this in a different way.
>>>
>>> Thanks,
>>> Rogene
>>>
>>> "Rogene" wrote:
>>>
>>>> We are running W2K3 Standard edition as DC, DNS, Remote Access and
>>>> DHCP. We were running out of DHCP addresses, so I disabled the
>>>> current 192.168.1.0/24 scope and added 192.168.2.0/24 this scope.
>>>> Rebooted the server. Remote Access is now giving the following IP:
>>>>
>>>> PPP adapter ASI:
>>>>
>>>> Connection-specific DNS Suffix . :
>>>> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>>>> Physical Address. . . . . . . . . : 00-53-45-00-00-00
>>>> Dhcp Enabled. . . . . . . . . . . : No
>>>> IP Address. . . . . . . . . . . . : 169.254.236.47
>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>>>> Default Gateway . . . . . . . . . :
>>>> DNS Servers . . . . . . . . . . . : 192.168.1.5
>>>>
>>>> Please advise on how to correct this issue.
>>>>
>>>> Thanks,
>>>> Rogene
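
An added sanity check for the three-subnet layout drawn at the top of the thread (example code written for this page, not posted by anyone in the thread). The PLAN table is constructed from the diagram, and the function names are hypothetical. It counts usable hosts per subnet, checks that the subnets do not overlap and that each gateway is a host address in its own subnet, and shows that an address like the 169.254.236.47 in the ipconfig output belongs to none of the planned ranges.

```python
import ipaddress

# Constructed from the diagram in the post: name -> (subnet, default gateway or None).
PLAN = {
    "existing LAN": ("192.168.1.0/24", "192.168.1.1"),
    "new LAN": ("192.168.2.0/24", "192.168.2.1"),
    "VPN pool": ("192.168.3.0/24", None),  # RRAS static address pool, no LAN gateway
}

def usable_hosts(cidr):
    """Host addresses left after removing the network and broadcast addresses."""
    return max(ipaddress.ip_network(cidr).num_addresses - 2, 0)

def check_plan(plan):
    """Return a list of problems: overlapping subnets or gateways outside their subnet."""
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in plan.items()}
    problems = []
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    for name, (_, gw) in plan.items():
        if gw is None:
            continue
        addr, net = ipaddress.ip_address(gw), nets[name]
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: gateway {gw} is not a host address in {net}")
    return problems

def classify(address, plan):
    """Name the planned segment an address belongs to, or say why it fits none."""
    addr = ipaddress.ip_address(address)
    if addr.is_link_local:
        return "link-local (169.254.0.0/16), not from any scope or pool"
    for name, (cidr, _) in plan.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "outside the plan"

if __name__ == "__main__":
    for name, (cidr, _) in PLAN.items():
        print(f"{name:13} {cidr:17} {usable_hosts(cidr)} usable hosts")
    print("problems:", check_plan(PLAN) or "none")
    print("169.254.236.47 ->", classify("169.254.236.47", PLAN))
```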