Solved

Windows 2003 Site to Site VPN using VPN hardware

Posted on 2004-09-29
Last Modified: 2013-11-16
I currently have a Win2k3 domain with a number of clients and 2 servers, both are domain controllers. I am looking to link a branch office in to my domain. In the past I have used ISA server to do site-to-site connections, but it is a real pain and I am going to move to hardware based VPN solutions. When I open a VPN tunnel to the branch office and put another domain controller at the branch to service the clients there, will the network at the branch look just like an extension of the LAN? Will the clients look at the local DC at the branch for AD services? Will the DHCP leases come down over the tunnel? Or should I make another IP network at the branch, with another DHCP and DNS server, so it will use a different IP address space, but the same Active Directory space? Do I just do zone transfers between the DNS server at HQ and the branch so each side of the network knows what's going on?

Thanks!
Question by:cbtech
5 Comments
 
LVL 12

Expert Comment

by:Mazaraat
To minimize network traffic I would set up the remote office with its own DHCP/DNS since you are already putting a DC there. The DC can be in the same domain and have a different subnet; you would simply specify the subnets in the MMC Sites and Services.
 

Author Comment

by:cbtech
As I was thinking, the max clients I will ever have in that office is 10. Maybe I should skip the DC, and just have that office use the VPN/firewall appliance's DHCP server, and use the headquarters DNS, with the branch office ISP DNS IPs for failover? Over the wire there will just be basic authentication requests and some file transfers; since there will be no DC at the branch office, replication traffic can be reduced. Both appliances will sit on good T-1 access so they won't go down too much at all. Good idea?
 
LVL 12

Expert Comment

by:Mazaraat
> Do I just do zone transfers between the DNS server at HQ and the branch so each side of the network knows what's going on?

Yes, create a secondary zone that is updated from the other DNS server on each side of the VPN connection.
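The site/subnet separation and the secondary zone Mazaraat describes, as an added example that is not part of the thread: it uses the modern ActiveDirectory and DnsServer PowerShell modules (Windows Server 2012 or later) in place of the Windows 2003 MMC snap-ins and dnscmd, and every domain name, address and site name is a constructed placeholder.

```powershell
# Added example, not from the original thread. Domain, subnets, addresses and
# site names are constructed placeholders; replace them with your own.
$Domain       = 'corp.example.local'
$HqSubnet     = '10.0.0.0/24'
$BranchSubnet = '192.168.2.0/24'
$HqDns        = '10.0.0.10'      # HQ DC/DNS holding the primary zone
$BranchDns    = '192.168.2.10'   # branch DNS server that will hold the secondary

# 1. Give the branch its own AD site and subnet. DC locator matches a client's
#    IP to a subnet, so branch clients pick the local DC instead of
#    authenticating across the tunnel.
New-ADReplicationSite -Name 'Branch'
New-ADReplicationSubnet -Name $BranchSubnet -Site 'Branch'
New-ADReplicationSubnet -Name $HqSubnet     -Site 'Default-First-Site-Name'

# 2. A site link with an explicit schedule keeps replication traffic on the
#    T-1 predictable (180 minutes is the default interval).
New-ADReplicationSiteLink -Name 'HQ-Branch' `
    -SitesIncluded 'Default-First-Site-Name','Branch' `
    -Cost 100 -ReplicationFrequencyInMinutes 180

# 3. On the HQ DNS server: allow zone transfers only to the branch server
#    and send it NOTIFY so the secondary refreshes promptly after changes.
#    (If the branch runs a DC with an AD-integrated zone it receives the zone
#    through AD replication and this secondary is unnecessary; the transfer is
#    for a standalone DNS server at the branch.)
Set-DnsServerPrimaryZone -ComputerName $HqDns -Name $Domain `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $BranchDns `
    -Notify NotifyServers -NotifyServers $BranchDns

# 4. On the branch DNS server: a secondary zone pulled from HQ over the VPN.
Add-DnsServerSecondaryZone -ComputerName $BranchDns -Name $Domain `
    -ZoneFile "$Domain.dns" -MasterServers $HqDns

# 5. Verify: the branch server answers for the zone, and a branch client
#    reports the 'Branch' site.
Resolve-DnsName -Server $BranchDns -Name $Domain -Type SOA
nltest /dsgetsite   # run on a branch client; should print Branch
```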
 
LVL 12

Expert Comment

by:Mazaraat
That is also a good idea, and less expensive than a full DC at the remote office. Do you plan on having file storage at the remote site that needs to be accessed from your main site? Though if you have a full T-1 I think you will be ok with just a VPN router on the other side; spend a little $$ and get a good Cisco model that also has a WIC slot to terminate your T-1 and can do VPN, like the 1720 or 2611 models....
 
LVL 10

Accepted Solution

by:snerkel (earned 250 total points)
Depending on the implementation of the VPN used by the hardware, it is possible that broadcasts won't traverse the tunnel; this could cause problems with things like DHCP.

Check with the hardware vendor to see if broadcasts through a VPN tunnel are supported, as if not, this may force you into a specific solution.
