Solved

Windows 2003 Site to Site VPN using VPN hardware

Posted on 2004-09-29
5
197 Views
Last Modified: 2013-11-16
I currently have a Win2k3 domain with a number of clients and 2 servers; both are domain controllers. I am looking to link a branch office into my domain. In the past I have used ISA Server to do site-to-site connections, but it is a real pain and I am going to move to hardware-based VPN solutions. When I open a VPN tunnel to the branch office and put another domain controller at the branch to service the clients there, will the network at the branch look just like an extension of the LAN? Will the clients look at the local DC at the branch for AD services? Will the DHCP leases come down over the tunnel? Or should I make another IP network at the branch, with another DHCP and DNS server, so it will use a different IP address space, but the same Active Directory space? Do I just do zone transfers between the DNS server at HQ and the branch so each side of the network knows what's going on?

Thanks!
0
Comment
Question by:cbtech
5 Comments
 
LVL 12

Expert Comment

by:Mazaraat
ID: 12184556
To minimize network traffic I would set up the remote office with its own DHCP/DNS since you are already putting a DC there. The DC can be in the same domain and have a different subnet; you would simply specify the subnets in the MMC Sites and Services.
0
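How subnet definitions in Sites and Services decide which site (and so which DC) a client is steered to, as an added example that is not part of the original thread. It is a simplified model of the most-specific-subnet match; the subnet ranges and site names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: subnet objects as they might be entered in
# Active Directory Sites and Services (ranges and site names are hypothetical).
SUBNET_TO_SITE = {
    "10.0.0.0/8": "HQ",       # broad catch-all range
    "10.1.0.0/24": "HQ",      # headquarters LAN
    "10.2.0.0/24": "Branch",  # branch office LAN behind the VPN appliance
}

def site_for_client(ip, subnet_map=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None  # (network, site) of the longest matching prefix so far
    for cidr, site in subnet_map.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def unmapped_clients(client_ips, subnet_map=SUBNET_TO_SITE):
    """List clients whose address matches no subnet object at all.

    Such clients get no site assignment and may be served by any DC in the
    domain, including one on the far side of the tunnel.
    """
    return [ip for ip in client_ips if site_for_client(ip, subnet_map) is None]

if __name__ == "__main__":
    # Constructed client addresses.
    clients = ["10.1.0.20", "10.2.0.15", "10.9.9.9", "192.168.1.5"]
    for ip in clients:
        print(f"{ip:>12} -> {site_for_client(ip)}")
    print("unmapped:", unmapped_clients(clients))
```

If the branch reused the HQ range instead of getting its own subnet, its clients would match the HQ site and could authenticate across the tunnel even with a DC sitting next to them.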
 

Author Comment

by:cbtech
ID: 12184607
As I was thinking, the max clients I will ever have in that office is 10. Maybe I should skip the DC, and just have that office use the VPN/firewall appliance's DHCP server, and use the headquarters DNS, with the branch office ISP DNS IPs for failover? Over the wire there will just be basic authentication requests and some file transfers; since there will be no DC at the branch office, replication traffic can be reduced. Both appliances will sit on good T-1 access so they won't go down too much at all. Good idea?
0
 
LVL 12

Expert Comment

by:Mazaraat
ID: 12184660
>Do I just do zone transfers between the DNS server at HQ and the branch so each side of the network knows what's going on?

Yes, create a secondary zone that is updated from the other DNS server on each side of the VPN connection.
0
 
LVL 12

Expert Comment

by:Mazaraat
ID: 12184698
That is also a good idea, and less expensive than a full DC at the remote office. Do you plan on having file storage at the remote site that needs to be accessed from your main site? Though if you have a full T-1 I think you will be OK with just a VPN router on the other side; spend a little $$ and get a good Cisco model that also has a WIC slot to terminate your T-1 and can do VPN, like the 1720 or 2611 models....
0
 
LVL 10

Accepted Solution

by:
snerkel earned 250 total points
ID: 12187172
Depending on the implementation of the VPN used by the hardware, it is possible that broadcasts won't traverse the tunnel; this could cause problems with things like DHCP.

Check with the hardware vendor to see if broadcasts through a VPN tunnel are supported, as if not this may force you into a specific solution.
0

Question has a verified solution.