Always On VPN Gateway server - client IP pools and default route

Kernel Panic 41 Reputation points
2020-10-08T16:15:46.887+00:00

Hello all, we are in the process of creating the infrastructure for Always On VPN and I have a couple of questions but I'll just detail our setup first:

3 x Windows Server 2019 Network Policy (RADIUS) servers
3 x Windows Server 2019 RRAS VPN Gateway servers

  1. My first question concerns the allocation of IP addresses for clients; if I have a 600 address IP range, presumably I'd carve that up amongst the 3 gateway servers so they are each handing out 200 addresses i.e. I wouldn't define the same 600-address pool on each server, right?
  2. Related to the above, I've seen documentation provided by a consultant that says the client IP addresses should use the VPN Gateways as their default roouter - is this correct? I can't seem to find this requirement anywhere else.

Thanks for any help, much appreciated.

Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,276 questions
Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
516 questions
0 comments
Accepted answer
  1. Candy Luo 12,661 Reputation points Microsoft Vendor
    2020-10-09T02:23:02.897+00:00

    Hi ,

    My first question concerns the allocation of IP addresses for clients; if I have a 600 address IP range, presumably I'd carve that up amongst the 3 gateway servers so they are each handing out 200 addresses i.e. I wouldn't define the same 600-address pool on each server, right?

    Yes, you are right. You need to define different range on each 3 VPN server instead of defining the same 600-address pool on each server.

    Related to the above, I've seen documentation provided by a consultant that says the client IP addresses should use the VPN Gateways as their default router - is this correct?

    For the VPN Adapter, the VPN server is used as the router by default. There is no problem with VPN server route in the routing table.

    Best Regards,

    Candy

    --------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kernel Panic 41 Reputation points
    2020-10-09T11:53:27.337+00:00

    Thankyou Candy, I have one last question; the reason we have 3 VPN servers is for redundancy and resilience, If I lose one of the VPN servers then does that mean I've lost a block of 200 client IP addresses? - and in that case would it be better to use DHCP rather than the VPN servers for handing out addresses?

  2. Candy Luo 12,661 Reputation points Microsoft Vendor
    2020-10-13T01:55:17.117+00:00

    Hi ,

    Sorry for de delayed response.

    the reason we have 3 VPN servers is for redundancy and resilience, If I lose one of the VPN servers then does that mean I've lost a block of 200 client IP addresses? - and in that case would it be better to use DHCP rather than the VPN servers for handing out addresses?

    Yes, you are right. You would better use DHCP to assign IP address. If you worried to cover enough IP address in one single pool, you could create DHCP Superscope.

    Here is a thread discussed before, you could have a look:

    AOVPN Client IP Pool from multiple Subnet

    Best Regards,
    Candy

    --------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  3. Kernel Panic 41 Reputation points
    2020-10-14T08:31:14.617+00:00

    Hello Candy, thanks for your help, I do have one more question - If we use DHCP should we specify the VPN Gateway servers as the default router in the DHCP scope options?