DHCP Server behind a NAT Router

Status
Not open for further replies.
Hi,
We have a Local Area Network at work and on this network we have a VM Server with Windows 2003 Server R2 that we plan on using for Active Directory and this server also has DHCP and DNS Server configured on it. 10.1.0.18 is the Server IP. NAT is not configured on the server but is configured on the router.
From this Network I have my own private address range 10.1.146.1-255, which connects to my NAT Router. I am able to get an IP address of 10.1.146.100 from the DHCP Server for my XP Client.

interface vlan10
ip address 10.1.146.1 255.255.128.0
ip nat outside
no shutdown

Next I setup a second interface on my NAT Router.
Interface Vlan 300
ip address 30.1.180.1 255.255.255.0
ip nat inside
ip helper-address 10.1.0.18
no shutdown

I set up the range on the same DHCP Server
When I connect my Windows XP Client to Interface Vlan 300 I am unable to get a DHCP address on this client but on the server it says that it received an ip address.
DHCP Server address
ip address 10.1.0.18
netmask 255.255.254.0
Gateway 10.1.0.1

DHCP Server Setup
Vlan 300
ip range 30.1.180.100 - 30.1.180.200
Gateway 30.1.180.1
DHCP Options:
003 Router 10.1.146.1
006 DNS Server 10.1.0.18
015 DNS Domain Name SQA.com
044 WINS/NBNS 10.1.0.18
046 WINS/NBT Node Type 0x8



Any ideas on how to fix this so I can get a DHCP address on Interface Vlan 300? I am assuming it is a configuration issue.
Thanks
Scott
 
it's actually a routing issue; if you can add proper routing from the router to the server,
it will all work.

HOWEVER, it would be far easier to just place all systems in the same subnet.
 
If it is a routing issue, do you have any tips or ideas?
I have NAT set up on the router as well as OSPF. The router can contact the server just fine. I was thinking it had something to do with my DHCP options on the server.
 
Routing tables (especially in Windows) are non-trivial, compared to Linux.

Your biggest issue is the huge difference in the IP ranges:
(A)ip address 10.1.146.1 / 255.255.128.0
vs.
(B)ip address 30.1.180.1 / 255.255.255.0
If (B) 30.*.*.* were at least the same as (A) 10.*.*.*, then you would have some
hope of routing into a Class A address of 10.a.b.c / 255.0.0.0

The 30.* addresses are public and the 10.* are non-routable LAN addresses and
typically we allow LAN access to the Public resources but not the other way around.

Using two routers
Code:
modem--fw--router#1--(a)subnet ---public(30.*)
              |
             fw#2
              |
            router#2 --(b)subnet---lan(10.*)
Let router#2 have its own DHCP service and create the 10.x.y.z subnet (call it (B)).
Requests from any (B) node will find all (A) devices, but (A) devices and the public
internet can not get to (B) devices.
Any infrastructure servers in the (B) subnet will need static addresses, not DHCP supplied.
 
Basically you are saying since I have a different subnet that DHCP won't work unless I change the 30 subnet to 255.255.128.0 address.
Couldn't I add a route to make it work as I currently have it setup?
I am just weighing my options, since even when I had an internal DHCP Server I was having issues getting PEAP and TLS authentication to work using the 10.1.0.18 Server with Active Directory and Certificates working.
Thanks for all your replies.
Scott
 
DHCP won't work unless I change the 30 subnet to 255.255.128.0 address
the change would need to be in the HIGH end and that becomes so broad that
far too much traffic would flow on your network.

basically 30.x.y.z is incompatible with 10.x.y.z for good reasons
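
Added example, not written by any poster in this thread: a consistency check over the addresses given in the question, covering the scope range, option 003 and the path a relayed reply takes back from the server. The function names are hypothetical, and the code assumes standard relay behaviour (the relay puts its client-facing interface address in giaddr and the server unicasts its reply there).

```python
import ipaddress as ip

# Values copied from the question in this thread.
SERVER = ip.ip_interface("10.1.0.18/255.255.254.0")
SERVER_GATEWAY = ip.ip_address("10.1.0.1")
RELAY_IF = ip.ip_interface("30.1.180.1/255.255.255.0")  # Vlan 300, has the helper address
SCOPE = (ip.ip_address("30.1.180.100"), ip.ip_address("30.1.180.200"))
OPTION_003 = ip.ip_address("10.1.146.1")

def check_relayed_scope(server, server_gw, relay_if, scope, router_opt):
    """Hypothetical helper: consistency checks for a scope reached through a relay."""
    giaddr = relay_if.ip  # assumption: relay sets giaddr to the client-facing interface
    client_net = relay_if.network
    first, last = scope
    return {
        # The server picks a scope by giaddr, so the range must sit in that subnet.
        "scope_in_relay_subnet": first <= last and first in client_net and last in client_net,
        # Option 003 is the client's default gateway; it has to be on the client's own subnet.
        "router_option_in_client_subnet": router_opt in client_net,
        # The offer is unicast to giaddr; if giaddr is not on-link the server uses its gateway.
        "giaddr_on_link_for_server": giaddr in server.network,
        "server_gateway_on_link": server_gw in server.network,
    }

def findings(results):
    """Turn the check results into short notes for the items that need attention."""
    notes = []
    if not results["scope_in_relay_subnet"]:
        notes.append("scope range is outside the relay interface subnet")
    if not results["router_option_in_client_subnet"]:
        notes.append("option 003 router is not reachable from the client subnet")
    if not results["giaddr_on_link_for_server"]:
        if results["server_gateway_on_link"]:
            notes.append("replies to giaddr leave via the server's default gateway; "
                         "every hop back to the relay needs a route to the client subnet")
        else:
            notes.append("server has no on-link gateway to reach giaddr")
    return notes

if __name__ == "__main__":
    for note in findings(check_relayed_scope(SERVER, SERVER_GATEWAY, RELAY_IF,
                                             SCOPE, OPTION_003)):
        print("-", note)
```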
 