DHCP Server behind a NAT Router

By sgilmour
Apr 16, 2009
  1. Hi,
    We have a Local Area Network at work and on this network we have a VM Server with Windows 2003 Server R2 that we plan on using for Active Directory and this server also has DHCP and DNS Server configured on it. is the Server IP. NAT is not configured on the server but is configured on the router.
    From this Network I have my own private address range
    which connects to my NAT Router. I am able to get an ip address of from the DHCP Server for my XP Client

    interface vlan10
    ip address
    ip nat outside
    no shutdown

    Next I set up a second interface on my NAT Router.
    Interface Vlan 300
    ip address
    ip nat inside
    ip helper address
    no shutdown

    I set up the range on the same DHCP Server
    When I connect my Windows XP Client to Interface Vlan 300 I am unable to get a DHCP address on this client but on the server it says that it received an ip address.
    DHCP Server address
    ip address

    DHCP Server Setup
    Vlan 300
    ip range -
    DHCP Options:
    003 Router
    006 DNS Server
    015 DNS Domain Name
    044 WINS/NBNS
    046 WINS/NBT Node Type 0x8

    Any ideas on how to fix this so I can get a DHCP address on Interface Vlan 300? I am assuming it is a configuration issue.
  2. jobeard

    jobeard TS Ambassador Posts: 9,147   +597

    it's actually a routing issue; if you can add proper routing from the router to the server,
    it will all work.

    HOWEVER, it would be far easier to just place all systems in the same subnet.
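
Why the route back to the new subnet matters, as an added example that is not part of the original posts: a relay configured with an IP helper address writes its inside interface address into the request's giaddr field, and the DHCP server picks the scope from giaddr and unicasts its answer to that address, which NAT does not rewrite. The addresses, scope list and route list are constructed placeholders (RFC 5737 ranges), and the function names are hypothetical.

```python
import ipaddress
import struct

# BOOTP/DHCP fixed header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128]
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
HOPS, GIADDR = 3, 10
ZERO = bytes(4)

def client_discover(mac: bytes) -> bytes:
    """Constructed DHCPDISCOVER as the client broadcasts it (giaddr = 0.0.0.0)."""
    header = BOOTP.pack(1, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                        ZERO, ZERO, ZERO, ZERO, mac, b"", b"")
    return header + b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"

def relay(packet: bytes, inside_if_ip: str) -> bytes:
    """What a relay agent does: bump hops and, if unset, write the address of
    the interface that heard the broadcast into giaddr."""
    fields = list(BOOTP.unpack_from(packet))
    fields[HOPS] += 1
    if fields[GIADDR] == ZERO:
        fields[GIADDR] = ipaddress.IPv4Address(inside_if_ip).packed
    return BOOTP.pack(*fields) + packet[BOOTP.size:]

def diagnose(packet: bytes, scopes, server_routes) -> dict:
    """Server view: choose the scope from giaddr, then check for a route back."""
    giaddr = ipaddress.IPv4Address(BOOTP.unpack_from(packet)[GIADDR])
    scope = next((s for s in scopes if giaddr in ipaddress.ip_network(s)), None)
    routed = any(giaddr in ipaddress.ip_network(r) for r in server_routes)
    return {"reply_to": str(giaddr), "scope": scope, "deliverable": routed}

# Constructed sample values (RFC 5737 documentation ranges, not from the thread).
SCOPES = ["192.0.2.0/24", "198.51.100.0/24"]   # server LAN, inside VLAN
INSIDE_IF = "198.51.100.1"                      # relay's NAT-inside interface
relayed = relay(client_discover(bytes.fromhex("020000000001")), INSIDE_IF)

if __name__ == "__main__":
    # Server only knows its own LAN: scope matches, reply cannot be delivered.
    print(diagnose(relayed, SCOPES, ["192.0.2.0/24"]))
    # With a route to the inside subnet via the router, the reply gets back.
    print(diagnose(relayed, SCOPES, ["192.0.2.0/24", "198.51.100.0/24"]))
```

The first case is a server that matches the scope and answers, while the client behind the relay never receives the offer.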
  3. sgilmour

    sgilmour TS Rookie Topic Starter

    If it is a routing issue, do you have any tips or ideas?
    I have NAT set up on the router as well as OSPF. The router can contact the server just fine. I was thinking it had something to do with my DHCP options on the server.
  4. jobeard

    jobeard TS Ambassador Posts: 9,147   +597

    routing tables (especially in Windows) are non-trivial, compared to Linux.

    Your biggest issue is the huge difference in the IP ranges:
    (A) ip address /
    (B) ip address /
    If (B) 30.*.*.* were at least the same as (A) 10.*.*.*, then you would have some
    hope of routing into a Class A address of 10.a.b.c /

    The 30.* addresses are public and the 10.* are non-routable LAN addresses and
    typically we allow LAN access to the Public resources but not the other way around.

    Using two routers
    modem--fw--router#1--(a)subnet ---public(30.*)
                router#2 --(b)subnet---lan(10.*)
    Let router#2 have its own DHCP service and create the 10.x.y.z subnet (call it (B)).
    Requests from any (B) node will find all (A) devices, but (A) devices and the public
    internet can not get to (B) devices.
    Any infrastructure servers in the (B) subnet will need static addresses, not DHCP supplied.
  5. sgilmour

    sgilmour TS Rookie Topic Starter

    Basically you are saying since I have a different subnet that DHCP won't work unless I change the 30 subnet to address.
    Couldn't I add a route to make it work as I currently have it set up?
    I am just weighing my options since even when I had an internal DHCP Server I was having issues getting PEAP and TLS authentication to work using the Server with Active Directory and Certificates working.
    Thanks for all your replies.
  6. jobeard

    jobeard TS Ambassador Posts: 9,147   +597

    the change would need to be in the HIGH end and that becomes so broad that
    far too much traffic would flow on your network.

    basically 30.x.y.z is incompatible with 10.x.y.z for good reasons
Topic Status:
Not open for further replies.