Re: VPN vs. VLAN
- From: vap0rtranz <justin4dti@xxxxxxxxxxxx>
- Date: Mon, 19 May 2008 15:14:00 -0700
VLANs are irrelevant,...An IP segment is an IP segment, no matter how it was
"created".
Yea I didn't want to get into semantic wars about what a "VLAN" is;
basically what I meant was: how does one correctly assign another IP to a NIC
in win2k? an IP that can be bound to the local DHCP service (instead of
listening in on the same network as the LAN router's DHCP daemon). In *nix
worlds this is easily done via an ip alias and binding daemons to listening
only on those aliases (instead of the interface globally). I just don't see
an easy way to do this via RRAS. netsh looks more promising but there's
little documentation on it ...
Justin
--
AIM/YIM/ICQ: vap0rtranz
Homepage: http://appstate.edu/~jp59031/
"Here on the moon, our weekends are so advanced, they encompass the entire
week." - Ignignokt
"Phillip Windell" wrote:
The VPN Server must be in the LAN Segment that you want the users to be in.
The Users will be in whatever Segment the "internal interface" is in. RRAS
must have the DHCP Relay Agent installed and functioning.
The DHCP Server needs a separate distinct Scope for every IP Segment that it
services.
VLANs are irrelevant,...An IP segment is an IP segment, no matter how it was
"created".
The LAN Router between the IP Segments needs to be configured to forward
DHCP Queries to the DHCP Server.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
"vap0rtranz" <justin4dti@xxxxxxxxxxxx> wrote in message
news:465EC18D-7B59-46F6-B19C-D7DC09E61DCB@xxxxxxxxxxxxxxxx
I'm setting up a totally isolated VLAN for testing and bumped into a few
issues connecting to it via RRAS's VPN.
VPN via PPTP works. I can connect to the Win2k DC running RRAS from an XP
client; it gets a statically defined IP and can do basic networking (ex: ping
the server). DNS and DHCP for the client, however, are broken. With RAS
configured to give IPs via DHCP and the Internal interface doing DHCP Relay,
the XP client gets an IP from the LAN router. This totally flies in the
face of a VLAN; I had thought that because the server only has RAS enabled --
not Routing for LAN nor LAN and dial-in -- that it would keep VPN clients
unroutable from the physical LAN and essentially create a VLAN. Maybe I
misunderstand how Microsoft wants this done?
I want DHCP leases given from the server so that VPN clients are totally
integrated in AD/DDNS. This is not possible with the IP List option in RRAS.
To not cause IP conflicts with the LAN router's DHCP daemon I had unbound
the server's DHCP service from the local NIC. Yet a VPN client gets an IP
from the LAN router, so I'm doing something wrong. It must be the Relay
Agent that is passing over the client's DHCP request to the LAN router, no?
Also, how do I bind a static IP address for the server on this VLAN that I'm
creating? There's no such option for the Internal interface in rrasmgmt.msc,
and when I assigned a VLAN IP address to the Local (NIC) interface alongside
its LAN IP, I lost remote connectivity to the server :( So this post is to
solicit how Microsoft wants this done until I can get to the server's
console.
Justin
--
AIM/YIM/ICQ: vap0rtranz
Homepage: http://appstate.edu/~jp59031/
"Here on the moon, our weekends are so advanced, they encompass the entire
week." - Ignignokt