Domain connections over VPNs

I am having problems with getting my domain fully functional over our VPNs in certain locations. I have the DNS server running on the Domain controller machine and I then manually enter DNS (sometimes WINS) on the machines over the VPN tunnel to the DNS server (manual entry) and the machine for WINS (which it is also running). I can see the machine and join the domain but it won't apply the policies in some locations. I believe it has something to do with the VPN routers - blocking certain types of traffic but I am not sure. The routers are Linksys RV042s and the main router (which is the gateway VPN) is a Netgear VPN ProSafe firewall router. I have been fumbling around now trying to get this fully functioning and I keep running into probs in certain locations.

Are there better VPN routers I should be using to simplify this process? Cisco? I am worried about the Linksys and Netgear tunnels going down (which has happened before).

We have 7 offices with 15-20 clients at each - all on T1s. I really need to know the best way to get my domain working in the most efficient way. I want to have it only accessed through the VPN at our offices (for security purposes).

If anyone has any suggestions I would really greatly appreciate it!!

Thank you,

- cparent

feptias (Chief Dude) Commented:
Hi cparent

That's quite a big question you're asking and some of it is too tricky to comment on without seeing diagrams and knowing a lot more detail about what your clients need and where your servers are located and what they do etc. However, I can make a few comments that might be of interest/help:

Reliability of site-to-site VPN routers: I used some low cost Netgear Prosafes for a client and eventually had to swap them out for something more serious (SonicWalls) because the reliability was just not good enough. The Netgears looked great value, but they would lock up about every 30 days and needed a power cycle to reset them. I have no experience of Linksys but generally you get what you pay for.

If your WAN connections are "intermittent" you might want to consider putting a domain controller server at each branch office - with 15-20 clients at each this could probably be justified (just). Windows Server 2003 is good in this situation because it can be configured with knowledge of sites and the links between them. Domain information replicates automatically in the background. It also uses its knowledge of your network topology to ensure client PCs talk to the local DC when it is available.

Hope this helps.

cparent05 (Author) Commented:
This is good advice. I think I will keep a log now of probs requiring a hard reset of the base router. I have not had to yet but it may happen in the future. I may end up actually setting up domain controllers at each location. My only prob or concern would be that it may be a little redundant to have each location with its own server. The good thing about this though would be that IF the internet or VPN went down it would still have server access and server mapped drives etc.

Thanks for the comment and suggestions!

feptias (Chief Dude) Commented:
If users want to access the server for file shares as well as login authentication, then you should look at Distributed File Services and File Replication (again this is in Server 2003 for sure and might be in 2000). This allows automated replication of shares across servers so would allow work to continue even if the VPN link was down. It is not suitable for files that are being constantly changed and updated, but is great for shared files that don't change often or only get changed by one "master" user.

Good luck with the project.