HP ProLiant DL320 G4 Server User Manual
Page 30
Network services support 30
•
The ProLiant DL320 Security Server
•
A computer on the internal network
The DHCP server can be installed on the ProLiant DL320 Security Server if there are no other server
computers on the internal network where a DHCP server can be installed. Installing the DHCP server on
the ProLiant DL320 Security Server is a second choice because VPN clients cannot obtain an IP address
from the DHCP server on the ProLiant DL320 Security Server itself. Configure a static address pool of IP
addresses to assign to VPN clients when the DHCP server is installed on the ProLiant DL320 Security
Server. Another reason to keep the DHCP server off the firewall is to reduce the number of applications
running on the firewall, all of which create potential portals for attack.
Placing the DHCP server on a computer located on the internal network enables the VPN clients to obtain
IP addressing information from the DHCP server. In addition, the ProLiant DL320 Security Server can
automatically define the VPN client's network based on the IP addresses it obtains from the DHCP server.
Another advantage is that the DHCP Relay Agent routing service can optionally be installed on the
ProLiant DL320 Security Server and DHCP options can be assigned to the VPN client's network, such as a
primary domain name.