

Site-to-Site VPN, Subnet question

Posted on 2004-11-02
Medium Priority
Last Modified: 2010-04-10
We want to set up a site-to-site VPN between routers in our two branch offices and our corporate headquarters.  We have a T1 at our headquarters and ADSL at the branches.  We are running Windows Small Business Server at the main office.  Ideally, workstations in the branches would login directly to our SBS server to the same domain that workstations in the main office do.

Do I need to have all offices on one big subnet, or should I separate them into three separate subnets?  I guess I am confused about how the domain is resolved when logging in on a Windows Network.  If it uses DNS to resolve it then I suppose it's fine on separate subnets, but I'm not sure how that works.

We are a small company of about 20 employees.
Question by:fisc
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 12472645

Separate subnets for each office to keep IP routing nice and simple.

For example:

Main Site: 10.0.1.x
Branch Site 1: 10.0.2.x
Branch Site 2: 10.0.3.x


Provided the Firewall portion of your VPN Server / Router / Firewall allows the traffic through then there will be no problem with getting the users logged on.

These subnets will also have no problem registering entries in your central DNS Server (running on SBS) as that should accept updates from authenticated users.

One thing that might come up though, how are you assigning IP Addresses? DHCP or Statically?
LVL 16

Accepted Solution

JammyPak earned 500 total points
ID: 12472666
It won't be all one subnet - you'll have to have separate internal address spaces (i.e. separate IP network addresses) in each site, and then you'll have to set up routing between the sites.

As for domain resolution, you'll just need to have internal DNS servers that are accessible to all sites. You could have 3 DNS servers, and make them all replicate to one another (make it AD-integrated DNS zone). Or, you could have some users querying DNS across the VPN link. In AD, you should also configure 'sites' - you can have one AD 'site' per physical location. Users will always try to login to a DC in the same site as they are, but if there's a location with no DC, then it will still find it in DNS and log the user in.
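
A quick way to sanity-check the addressing plan and the DNS lookups discussed in this thread, as an added example that is not part of the original posts: it checks that the site subnets do not overlap, maps a client address to its AD site by the most specific matching subnet, and lists the standard SRV record names a domain member queries to find a DC. The site names and the domain `corp.example` are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed plan using the /24 ranges suggested in the thread; site names are assumptions.
SITE_SUBNETS = {
    "Main": "10.0.1.0/24",
    "Branch1": "10.0.2.0/24",
    "Branch2": "10.0.3.0/24",
}

def find_overlaps(plan):
    """Return pairs of sites whose subnets overlap; such pairs cannot be routed over the VPN."""
    nets = {site: ipaddress.ip_network(cidr) for site, cidr in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def site_for_client(plan, client_ip):
    """Map a client address to a site, preferring the most specific (longest prefix) subnet."""
    ip = ipaddress.ip_address(client_ip)
    matches = []
    for site, cidr in plan.items():
        net = ipaddress.ip_network(cidr)
        if ip in net:
            matches.append((net.prefixlen, site))
    return max(matches)[1] if matches else None

def dc_locator_queries(domain, site=None):
    """SRV names used to locate a DC: the site-specific record first, then the domain-wide one."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names

if __name__ == "__main__":
    print("overlaps:", find_overlaps(SITE_SUBNETS))
    # Failure mode: two offices left on the same router default range.
    print("overlaps:", find_overlaps({"Main": "192.168.1.0/24",
                                      "Branch1": "192.168.1.0/24"}))
    site = site_for_client(SITE_SUBNETS, "10.0.2.57")
    for name in dc_locator_queries("corp.example", site):
        print(site, "->", name)
```

Because the lookup is a unicast DNS query rather than a broadcast, it works from a routed branch subnet as long as the branch clients point at the internal DNS server and the VPN passes that traffic.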

Author Comment

ID: 12473002
At the main office we are running DHCP on the SBS server.  Since it sounds like I should for sure use separate subnets (and I like that better) then we will run DHCP on the routers at the branches.  The resolution of the domain name to the DC is the main thing I was concerned with... wasn't sure if the routers in the branches would pass the request through to resolve.

LVL 16

Expert Comment

ID: 12473098
Domain resolution won't be a problem - as long as DNS is available to all sites... you could just have one DNS server, and have all clients use that even (this *could* be a bottleneck, but not necessarily...)
LVL 71

Expert Comment

by:Chris Dent
ID: 12474193

Given the number of users you shouldn't really encounter any problems with DNS resolution.

Author Comment

ID: 12476676
Thanks.  I got the site-to-site VPN and logging into the central DC working this afternoon in our test lab.  Next step is to head to the branches and set them up!

Question has a verified solution.
