
TCP/IP Setup using hardware VPN? newbie question 3

Status
Not open for further replies.

humour (Programmer; joined Nov 24, 2003; 87 messages)


Goal: A decent (correct) setup for my hardware VPN to connect my BRANCH to my HEADOFFICE. It works now but I don't think it's set up right. "Works" does not necessarily mean "right" *smile*.

HEADOFFICE:
Network server and nodes are all: 192.168.32.X

BRANCH:
4 PC Nodes are all : 192.168.2.X (I don't know why I didn't use 192.168.32.X - but this seemed to work).
DHCP : NOT! (I have an I.P. device that requires a static IP)

Hardware VPN using IPsec, secret key, 3DES, SHA (works so far)

HERE is my question...

What should I have in my DNS Section of my TCP/IP properties for my BRANCH Nodes?

Option a) Acquire DNS automatically? I don't think so - but if I should do this, why?

Option b)
207.109.X.X (Primary DNS of my ISP)
207.64.X.X (Secondary DNS of my ISP)
192.168.32.253 (IP of my Win2003 svr)Domain Controller
192.168.32.252 (ip of my win2000 svr)sec. dom. ctrller

option c)
192.168.32.253 (IP of my Win2003 svr)Domain Controller
192.168.32.252 (ip of my win2000 svr)sec. dom. ctrller
This is what I have now? But it seems to me this is likely wrong - if my VPN goes down I wouldn't have a DNS server for my branch nodes.

option d) Something ELSE???

Thanks in Advance,

~Humour
 
I take it that your domain controller and backup domain controller are also DNS (servers). If this is correct, and if they are functioning properly, here is what I would do:

Primary DNS: 192.168.32.253
Secondary DNS: 192.168.32.252
Third DNS: 207.109.X.X
Fourth DNS: 207.64.X.X

It is possible to remove the secondary DNS that I listed, but if you remove it and the primary DNS goes down you won't be able to resolve host names at your HEADOFFICE. But then again, if you're not reaching your primary DNS in this configuration, you probably won't be able to reach the secondary either (since you are connecting to them through VPN, and if the first one fails it will probably be due to VPN failure). If it were my setup, I'd do this:

Primary DNS: 192.168.32.253
Secondary DNS: 207.109.X.X
Third DNS: 207.64.X.X

You can set up more than 2 DNS entries if you go to TCP/IP Properties > Advanced > DNS tab.

Good luck and keep us posted...

deeno
 

Deeno, thanks for the reply. I am certain your setup will work as it differs from my current (and working) setup just slightly. You prefer my DNS servers 1st and then the ISP's - why is that?

2nd question - is there a good reason why my head-office and branch are set up with 2 different IP masks?

HeadOffice: 192.168.32.X (uses DHCP delegated by my server)
Branch: 192.168.2.1 (requires static IP's - I have an IP timeclock device, software needs a permanent assigned IP)

 
1. Your ISP most likely isn't resolving your internal hosts to their internal names. Your own DNS servers would do this, and forward other requests to your ISP.

2. Different offices are normally set up with different subnets. It's a lot simpler than trying to bridge a single logical network across multiple physical networks.

If your timeclock is the only device that needs a static IP then there's no reason to not use DHCP. If the workstations must also be static, then of course you can't.
 

LGarner said "If your timeclock is the only device that needs a static IP then there's no reason to not use DHCP. If the workstations must also be static, then of course you can't."

My workstations can be dynamic. Can static IPs co-exist on a network with dynamically assigned IPs in a DHCP environment? Do I have to set up DHCP to exclude a range for my static IP clock (a range of 1)?

The only options I think I have at the branch for DHCP services are my router (Netopia 910) and network hub (really a Linksys router set up in "hub" mode). Both seem capable of dishing out IPs. Assuming I need to range-exclude my static IP device, do routers typically offer this functionality within their DHCP function?

Thanks again guys for the quick responses.

~ Humour
 
Routers, or any DHCP device, have a scope setting where you can include a range of IP addresses from which IPs are assigned, or exclude a range from which IPs will not be assigned.

Learn everything but implement only what is needed.
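
The scope and exclusion behaviour described in the replies above, as an added example that is not part of any post in the thread: it computes the addresses a DHCP scope can hand out after exclusions and flags static devices that would collide with a lease. The branch subnet comes from the thread; the scope range, the timeclock address and the function names are constructed for illustration.

```python
import ipaddress


def dhcp_pool(start, end, exclusions=()):
    """Return the set of addresses the DHCP server may lease out."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError("scope start is above scope end")
    pool = {ipaddress.IPv4Address(i) for i in range(int(first), int(last) + 1)}
    for ex_start, ex_end in exclusions:
        lo, hi = ipaddress.IPv4Address(ex_start), ipaddress.IPv4Address(ex_end)
        pool -= {ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1)}
    return pool


def check_static_hosts(subnet, start, end, exclusions, static_hosts):
    """Map each static host to 'ok', 'conflict' or 'wrong-subnet'."""
    net = ipaddress.IPv4Network(subnet)
    pool = dhcp_pool(start, end, exclusions)
    result = {}
    for name, addr in static_hosts.items():
        ip = ipaddress.IPv4Address(addr)
        if ip not in net:
            result[name] = "wrong-subnet"   # unreachable without routing
        elif ip in pool:
            result[name] = "conflict"       # DHCP could lease this address
        else:
            result[name] = "ok"             # outside the pool or excluded
    return result


# Constructed sample values: only the 192.168.2.X subnet is from the thread.
SUBNET = "192.168.2.0/24"
SCOPE = ("192.168.2.100", "192.168.2.150")
STATIC = {"timeclock": "192.168.2.120", "router": "192.168.2.1"}

if __name__ == "__main__":
    # No exclusion: the timeclock sits inside the lease range.
    print(check_static_hosts(SUBNET, *SCOPE, [], STATIC))
    # Exclusion "range of 1" for the timeclock removes the conflict.
    one = [("192.168.2.120", "192.168.2.120")]
    print(check_static_hosts(SUBNET, *SCOPE, one, STATIC))
```

Placing the static device outside the scope altogether gives the same "ok" result without needing an exclusion.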
 