Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows 2003 Site to Site VPN using VPN hardware

Posted on 2004-09-29
5
Medium Priority
?
206 Views
Last Modified: 2013-11-16
I currently have a Win2k3 domain with a number of clients and 2 servers, both are domain controllers. I am looking to link a branch office in to my domain. In the past I have used ISA server to do site-to-site connections, but it is a real pain and I am going to move to hardware based VPN solutions. When I open a vpn tunnel to the branch office and put another domain contoller at the branch to service the clients there, will the network at the branch look just like an extension of the LAN? Will the clients look at the local DC at the branch for AD services? Will the DHCP leases come down over the tunnel? Or should I make another IP network at the branch, with another DHCP and DNS server, so it will use a different IP address space, but the same active directory space? Do I just do zone transfers between the DNS server at HQ and the branch so each side of the network knows whats going on?

Thanks!
0
Comment
Question by:cbtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 12

Expert Comment

by:Mazaraat
ID: 12184556
To minimize network traffic I would setup the remote office with its own DHCP/DNS since you are already putting a DC there.  The DC can be in the same domain and have a different subnet, you would simply specify the subnets in the MMC Sites and Services.  
0
 

Author Comment

by:cbtech
ID: 12184607
As I was thinking, the max clients I will ever have in that office is 10. Maybe I should skip the DC, and just have that office use the VPN/Firewall appliances DHCP server, and use the headquarters DNS, with the branch office ISP DNS ip's for failover? Over the wire there will just be basic authentication requests and some file transfers, since there will be no DC at the branch office replications traffic can be reduced. Both appliances will sit on good T-1 access so they wont go down too much at all. Good idea?
0
 
LVL 12

Expert Comment

by:Mazaraat
ID: 12184660
>Do I just do zone transfers between the DNS server at HQ and the branch so each side of the >network knows whats going on?

Yes, create a secondary zone that is updated from the other DNS server on the each side of the VPN connection.
0
 
LVL 12

Expert Comment

by:Mazaraat
ID: 12184698
That is also a good idea, and less expensive that a full DC at the remote office.  Do you plan on having file storage at remote site that needs to be accessed from your main site?  Though if you have a full t-1 I think you will be ok with just a VPN router on the other side, spend a little $$ and get a good cisco model that has also has a wic slot to also terminate your T-1 and can do VPN, like the 1720 or 2611 models....
0
 
LVL 10

Accepted Solution

by:
snerkel earned 1000 total points
ID: 12187172
Depending on the implementation of the VPN used by the hardware it is possible that broadcasts won't traverse the tunnel, this could cause problems with things like DHCP.

Check with the hardware vendor to see if broadcasts through a VPN tunnel are supported as if not this may force you in to a specific solution.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question