VPN + dynamic DHCP address assignment + HYPER-V
VPN + dynamic DHCP address assignment + HYPER-V - 11.Aug.2008 6:30:46 PM
sp@ewdev.com
Posts: 4
Joined: 10.May2005
From: Stevenage, UK
Status: offline
Hi Folks,

This will be a post that presents a problem and a solution so that others need not spend the week it took me to fix this problem:

Scenario: Single physical Windows Server 2008 running Hyper-V and hosting 5 Windows Server 2008 x64 virtual machines plus one Windows Server 2003 x86 virtual machine (for ISA2006). One of the virtual Windows Server 2008 machines acts as the Primary VM Host and this one had DC and DHCP installed on it. The only Windows Server 2003 VM client machine is set up as an ISA2006 Edge Firewall.

The network infrastructure consisted of two virtual networks: one "External" Network (virtual network connected to a physical NIC. NIC not connected to anything) known as the LAN and one "Dedicated" Network (private virtual network connected to a physical NIC such that the physical NIC is not accessible by the Host VM. NIC connected to the Internet) known as the WAN. All the Windows Server 2008 VMs were connected to the LAN only. The ISA2006 firewall was connected to the LAN and the WAN in a 2 NIC style configuration. The ISA2006 firewall was configured as a VPN Server using dynamic DHCP address assignment linked to the "Internal" network which was the LAN.

Problem: RRAS could not access the DHCP server and returned APIPA addresses instead (169.x.x.x), thus VPN Clients could connect but not access anything. Using static IP Addresses worked fine but this is not the best practice. The Event log on the DHCP server showed some DHCP errors stating that no bindings were possible because the NIC did not have a static IPv4 address configured.

Solution: Hyper-V configures virtual NICs and Physical NICs in a very different way. Virtual NICs get bound to all the usual protocols including TCP/IP IPv4 and thus get an IP Address and all the trimmings, whilst Physical NICs are only bound to a Virtual Switch Protocol and thus do not have an IP Address. It was the physical NIC that the DHCP Service was picking up.

To get around this problem I had to convert the "External" virtual network (LAN) to an "Internal" virtual network. This is a virtual network with a virtual NIC accessible to the Host VM and all Client VMs but with no physical NIC. This way the DHCP service picked up the virtual NIC with its static IP Address configured and could bind to it.

There is one issue with this solution in that with no physical NIC this virtualised server cannot connect to any other physical server on the internal LAN. To get around this problem I could have edited the registry instead and given the Physical NIC an IP Address. This IP Address would be ignored by Hyper-V but the DHCP service would still be able to bind to it.

I hope this saves someone a lot of pain.

Cheers...
ewdev
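A read-only check for the condition described in the post above, added here as an example and not part of the original post: it lists each connection on the DHCP server and reports whether the adapter has a TCP/IPv4 binding and a static IPv4 address. It assumes PowerShell 2.0 or later and the standard WMI classes Win32_NetworkAdapter and Win32_NetworkAdapterConfiguration; the verdict strings are illustrative.

```powershell
# Added example, not from the original post. Read-only; run on the DHCP server.
# Assumes PowerShell 2.0+. Verdict strings are illustrative.

$ipv4Pattern  = '^\d{1,3}(\.\d{1,3}){3}$'   # keep IPv4 entries, skip IPv6
$apipaPattern = '^169\.254\.'               # APIPA range (169.254.0.0/16)

$report = Get-WmiObject Win32_NetworkAdapter |
    Where-Object { $_.NetConnectionID } |   # only adapters shown in Network Connections
    ForEach-Object {
        $nic = $_
        $cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index=$($nic.Index)"
        $v4  = @($cfg.IPAddress | Where-Object { $_ -match $ipv4Pattern })

        if (-not $cfg.IPEnabled) {
            # The state the post describes for a physical NIC that Hyper-V has
            # bound only to the virtual switch protocol.
            $verdict = 'No TCP/IP binding: DHCP service cannot bind here'
        } elseif ($v4.Count -eq 0) {
            $verdict = 'TCP/IP bound but no IPv4 address'
        } elseif (@($v4 | Where-Object { $_ -match $apipaPattern }).Count -gt 0) {
            $verdict = 'APIPA address: no DHCP lease obtained'
        } elseif ($cfg.DHCPEnabled) {
            $verdict = 'Dynamic IPv4: not a static address'
        } else {
            $verdict = 'Static IPv4: candidate for a DHCP server binding'
        }

        New-Object PSObject -Property @{
            Connection = $nic.NetConnectionID
            Adapter    = $nic.Name
            IPv4       = ($v4 -join ', ')
            Verdict    = $verdict
        }
    }

$report | Select-Object Connection, Adapter, IPv4, Verdict | Format-Table -AutoSize -Wrap
```

On a host laid out as in the post, the physical NIC behind the "External" network would be expected to show the first verdict and the virtual NIC with the static address the last one.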
RE: VPN + dynamic DHCP address assignment + HYPER-V - 19.Sep.2008 12:44:20 PM
asalihbe
Posts: 1
Joined: 19.Sep.2008
Status: offline
Hi,

It was a great post with many useful hints, but I would ask the same author, or anyone else, for his recommendations and a "how to" procedure for a somewhat different scenario, e.g.:

My goal is to create, using my HP ML350 Server with WS 2008 and Hyper-V installed (2 quad core processors + 16 GB RAM and 2 NIC cards), several VMs with Win XP and WS 2003 OS, which shall be accessible from the local Intranet at the Campus, but also from the Internet within a VPN, to minimize their public exposure and threats from the Internet.

I intend to install on the VMs with XP OS software applications that students would access with remote terminals from their PCs, either at the Campus or from home, while on the VM with WS 2003 (or WS 2008) I am planning to install server applications and enable multiple terminal services connections to them via the described networking access.

Thanking you in advance for any help and advice you can provide,

Sincerely,
asalihbe