
Windows 2003 Site to Site VPN using VPN hardware

I currently have a Win2k3 domain with a number of clients and 2 servers, both of which are domain controllers. I am looking to link a branch office into my domain. In the past I have used ISA Server to do site-to-site connections, but it is a real pain and I am going to move to hardware-based VPN solutions. When I open a VPN tunnel to the branch office and put another domain controller at the branch to service the clients there, will the network at the branch look just like an extension of the LAN? Will the clients look at the local DC at the branch for AD services? Will the DHCP leases come down over the tunnel? Or should I make another IP network at the branch, with another DHCP and DNS server, so it will use a different IP address space but the same Active Directory space? Do I just do zone transfers between the DNS server at HQ and the branch so each side of the network knows what's going on?

Thanks!
Asked by cbtech
1 Solution
 
Mazaraat commented:
To minimize network traffic I would set up the remote office with its own DHCP/DNS, since you are already putting a DC there. The DC can be in the same domain and have a different subnet; you would simply specify the subnets in the Sites and Services MMC.
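The "specify the subnets in Sites and Services" step above is what actually steers branch clients to the branch DC: the DC locator matches the client's IP against the subnet objects and returns DCs from the matching site. The following is an added example (not from the original thread) that creates the same objects the MMC would, via ADSI against a Windows 2003 domain. Every name in it is an assumption: forest example.com, branch site "Branch", branch subnet 192.168.2.0/24, and a branch DC BRANCHDC01 that was promoted while it still fell into Default-First-Site-Name. Run it as a Domain Admin from a domain-joined machine.

```powershell
# Added example, not code from the original thread. Assumed names:
# forest example.com, site "Branch", subnet 192.168.2.0/24, DC BRANCHDC01.
$configNC = ([ADSI]"LDAP://RootDSE").configurationNamingContext
$sitesDN  = "CN=Sites,$configNC"
$siteName = "Branch"
$siteDN   = "CN=$siteName,$sitesDN"
$subnet   = "192.168.2.0/24"

# 1. The site object, plus the two child objects the MMC always creates.
$sites = [ADSI]"LDAP://$sitesDN"
$site  = $sites.Create("site", "CN=$siteName")
$site.SetInfo()
$settings = $site.Create("nTDSSiteSettings", "CN=NTDS Site Settings")
$settings.SetInfo()
$servers  = $site.Create("serversContainer", "CN=Servers")
$servers.SetInfo()

# 2. The subnet, bound to the site. A client with a 192.168.2.x address
#    now resolves to the Branch site and prefers BRANCHDC01 for logon,
#    Group Policy and DNS instead of pulling all of that over the tunnel.
$subnets = [ADSI]"LDAP://CN=Subnets,$sitesDN"
$sub = $subnets.Create("subnet", "CN=$subnet")
$sub.Put("siteObject", $siteDN)
$sub.SetInfo()

# 3. Add the site to the existing IP site link so replication with HQ is
#    scheduled as inter-site (compressed) traffic. 3 = ADS_PROPERTY_APPEND.
$link = [ADSI]"LDAP://CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,$sitesDN"
$link.PutEx(3, "siteList", @($siteDN))
$link.SetInfo()

# 4. Move the branch DC's server object out of the default site.
$dc = [ADSI]"LDAP://CN=BRANCHDC01,CN=Servers,CN=Default-First-Site-Name,$sitesDN"
$dc.psbase.MoveTo([ADSI]"LDAP://CN=Servers,$siteDN")

# Checks, run from a branch workstation: both should name the Branch site
# and the second should return BRANCHDC01, not an HQ DC.
nltest /dsgetsite
nltest /dsgetdc:example.com /site:Branch
```

If the subnet object is missing or wrong, clients fall back to any DC in the forest, so the `nltest /dsgetsite` check is the one to run first when a branch logon is slow or is hitting HQ over the VPN.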
 
cbtech (Author) commented:
As I was thinking, the max clients I will ever have in that office is 10. Maybe I should skip the DC and just have that office use the VPN/firewall appliance's DHCP server, and use the headquarters DNS, with the branch office ISP DNS IPs for failover? Over the wire there will just be basic authentication requests and some file transfers; since there will be no DC at the branch office, replication traffic can be reduced. Both appliances will sit on good T-1 access so they won't go down too much at all. Good idea?
 
Mazaraat commented:
> Do I just do zone transfers between the DNS server at HQ and the branch so each side of the network knows what's going on?

Yes, create a secondary zone that is updated from the other DNS server on each side of the VPN connection.
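The secondary-zone arrangement in the answer above, as an added example that is not part of the original thread, using the dnscmd tool that ships with Windows 2003 DNS. The names are assumptions: zone example.com, HQ DNS server HQDC01 at 10.0.0.10, branch DNS server BRANCHDNS at 192.168.2.10. The security point it adds is that a zone transfer is a full dump of every host and address in the domain, so the HQ server should only ever hand it to the branch server's address.

```powershell
# Added example, not code from the original thread. Assumed names:
# zone example.com, HQ server HQDC01 (10.0.0.10), branch server BRANCHDNS (192.168.2.10).
$zone  = "example.com"
$hqDns = "HQDC01";    $hqIp = "10.0.0.10"
$brDns = "BRANCHDNS"; $brIp = "192.168.2.10"

# HQ side: allow AXFR/IXFR to the branch server only, and NOTIFY it on changes
# so the copy is refreshed immediately instead of at the SOA refresh interval.
dnscmd $hqDns /ZoneResetSecondaries $zone /SecureList $brIp /NotifyList $brIp

# Branch side: a read-only secondary pulled from the HQ master across the VPN.
# Branch clients list BRANCHDNS first; only the transfer itself crosses the tunnel.
dnscmd $brDns /ZoneAdd $zone /Secondary $hqIp

# Do the same for the reverse zone of the HQ network (assumed 10.0.0.0/24).
dnscmd $hqDns /ZoneResetSecondaries "0.0.10.in-addr.arpa" /SecureList $brIp /NotifyList $brIp
dnscmd $brDns /ZoneAdd "0.0.10.in-addr.arpa" /Secondary $hqIp

# Force the first pull, then compare SOA serials on both sides; they match
# once the transfer has completed.
dnscmd $brDns /ZoneRefresh $zone
nslookup -type=SOA $zone $hqIp
nslookup -type=SOA $zone $brIp
```

Two caveats a practitioner would want. A secondary cannot accept dynamic updates, so branch clients register their own records by following the SOA to the HQ master; that traffic (UDP/TCP 53 to 10.0.0.10) must be allowed through the tunnel. And if the branch server is itself a DC, an Active Directory-integrated zone replicates through normal AD replication with no zone transfer at all, which is both simpler and already authenticated; the secondary-zone design above is the one to use when the branch DNS box is a member server or appliance, as in the no-DC plan discussed in this thread.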
 
Mazaraat commented:
That is also a good idea, and less expensive than a full DC at the remote office. Do you plan on having file storage at the remote site that needs to be accessed from your main site? Though if you have a full T-1 I think you will be OK with just a VPN router on the other side; spend a little $$ and get a good Cisco model that also has a WIC slot to terminate your T-1 and can do VPN, like the 1720 or 2611 models....
 
snerkel commented:
Depending on the implementation of the VPN used by the hardware, it is possible that broadcasts won't traverse the tunnel; this could cause problems with things like DHCP.

Check with the hardware vendor to see if broadcasts through a VPN tunnel are supported, as if not this may force you into a specific solution.
