DHCP Server Relay

Dynamic Host Configuration Protocol (DHCP) is the most popular method used to assign IP addresses and other IP configuration options across a LAN. While DHCP may be used by the VPN Gateway to obtain an IP address for the WAN Interface, DHCP can also be used to distribute IP addresses to IP devices on any of the LAN ports.

The VPN Gateway supports several ways to service DHCP requests received on its LAN interfaces. The VPN Gateway can be configured with a DHCP server that runs locally on the VPN Gateway to service client requests, or it can be configured to forward the client DHCP requests to a DHCP server on the customer network through an already established VPN tunnel (DHCP Relay).

If DHCP or DHCP Relay is not required, it can be disabled by an administrator in the VPN Gateway Device Profile stored on the AT&T Administration Server.

DHCP Configuration

VPN Gateway DHCP configuration information must be configured through the VPN Gateway Device Profile stored on the AT&T Administration Server. If VLANs have been enabled, the DHCP information is configured at a VLAN level. Otherwise the DHCP information is configured on the VPN Gateway base profile. The user can view the current DHCP assignments and configuration via the VPN Gateway web interface. The user does not have the ability to modify any LAN DHCP configuration through the web interface.

DHCP Server

When configuring the DHCP server in AT&T Administration Server, you must specify the range of addresses that the DHCP server hands out. The starting and ending addresses must fall within the subnet range defined for the local LAN interface or VLAN that is servicing the requests. The VPN Gateway can be configured as an authoritative server. This is necessary to support DHCP INFORM messages, which are used, for example, to configure proxy servers via WPAD in Internet Explorer through DHCP Option 252.

DHCP Options Support

If the VPN Gateway is configured as the DHCP server, the administrator can configure specific DHCP options to be passed back to the local IP devices within the DHCP response. An option value will only be passed to the requesting device if it is specifically requested by the device within the DHCP request. These options are configured within AT&T Administration Server and can be the same for all DHCP pools managed by the VPN Gateway, or the options can be configured to be specific to each DHCP pool. Multiple entries for the same DHCP option can be configured in AT&T Administration Server. The VPN Gateway will concatenate the entries together to make a single entry in the DHCP configuration file. Up to 256 bytes can be configured for any one item.

In addition to the specific DHCP options that are configured within the AT&T Administration Server, the VPN Gateway will dynamically add the DNS server, WINS server, and domain name options to the DHCP responses. These server values are determined dynamically based on the specific tunnel connected and other configuration values within the AT&T Administration Server. The VPN Gateway default behavior is to add its local LAN interface as the router. This option can be overridden.

DHCP options are frequently used in a variety of cases – for example to provide DNS server information when the VPN Gateway is not providing DNS proxy functionality, and to define a SIP Phone configuration server in VoIP scenarios.

DHCP Subpool Support

If the VPN Gateway is configured as the DHCP server, the administrator can configure specific DHCP subpools. This provides the customer with the ability to assign subsets of the DHCP pool to unique device classes. For example, a device with a MAC address starting with XX:YY:ZZ would always be assigned an IP address from a subpool that contains IP addresses in the range of xx.xx.xx.50 through xx.xx.xx.55. This allows for easier firewall management inside of the customer’s network.
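The pool and subpool rules described above can be checked before a profile is saved. The following Python sketch is an added example, not AT&T code: the profile layout, the function names, the sample addresses and MAC prefixes are all constructed, and the no-overlap and longest-prefix rules are assumptions rather than documented gateway behavior.

```python
import ipaddress

# Constructed sample profile; the field layout is hypothetical.
SUBNET = "192.168.10.0/24"
POOL = ("192.168.10.20", "192.168.10.200")
SUBPOOLS = {"00:11:22": ("192.168.10.50", "192.168.10.55"),
            "00:11:22:33": ("192.168.10.60", "192.168.10.65")}

def _range(first, last):
    return ipaddress.ip_address(first), ipaddress.ip_address(last)

def validate_pool(subnet, pool, subpools):
    """Return a list of problems; an empty list means the profile is consistent."""
    net = ipaddress.ip_network(subnet)
    lo, hi = _range(*pool)
    problems = []
    if lo > hi:
        problems.append("pool start is above pool end")
    # Start and end must fall within the LAN interface or VLAN subnet.
    for label, addr in (("start", lo), ("end", hi)):
        if addr not in net:
            problems.append(f"pool {label} {addr} is outside {net}")
    seen = []
    for prefix, bounds in subpools.items():
        a, b = _range(*bounds)
        # A subpool is a subset of the DHCP pool.
        if a > b or a < lo or b > hi:
            problems.append(f"subpool {prefix} is not a subset of the pool")
        # Assumption: subpools should not share addresses with each other.
        for other, (c, d) in seen:
            if a <= d and c <= b:
                problems.append(f"subpool {prefix} overlaps subpool {other}")
        seen.append((prefix, (a, b)))
    return problems

def subpool_for(mac, subpools):
    """Return the range of the longest matching MAC prefix (assumed rule), or None."""
    norm = mac.lower().replace("-", ":")
    hits = [p for p in subpools if (norm + ":").startswith(p.lower() + ":")]
    return subpools[max(hits, key=len)] if hits else None

if __name__ == "__main__":
    print(validate_pool(SUBNET, POOL, SUBPOOLS) or "profile is consistent")
    print(subpool_for("00-11-22-AA-BB-CC", SUBPOOLS))
```

Because the MAC address is supplied by the client, firewall rules keyed on a subpool range group devices by class; they do not authenticate them.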

DHCP Relay

DHCP Relay can only be used in specific circumstances, and there are certain prerequisites to consider. First, it is only an option in No-NAT Remote Office configurations. Second, the tunnel should be up at the time the IP devices on the local LAN side issue DHCP requests; otherwise there is no connectivity to the DHCP server. This means that a persistent or traffic-initiated tunnel is required. When configuring DHCP relay, the IP address of the enterprise network-based DHCP server must be specified in the VPN Gateway Device Profile stored on the AT&T Administration Server. A primary and an optional backup DHCP Relay server can be configured per VLAN. These servers must be accessible through a VPN tunnel.