

Domain connections over VPNs

Posted on 2006-04-24
Medium Priority
Last Modified: 2013-11-16
I am having problems with getting my domain fully functional over our VPNs in certain locations. I have the DNS server running on the Domain controller machine and I then manually enter DNS (sometimes WINS) on the machines over the VPN tunnel to the DNS server (manual entry) and the machine for WINS (which it is also running). I can see the machine and join the domain but it won't apply the policies in some locations. I believe it has something to do with the VPN routers - blocking certain types of traffic but I am not sure. The routers are Linksys RV042s and the main router (which is the gateway VPN) is a Netgear VPN ProSafe firewall router. I have been fumbling around now trying to get this fully functioning and I keep running into probs in certain locations.

Are there better VPN routers I should be using to simplify this process? Cisco? I am worried about the Linksys and Netgear tunnels going down (which has happened before).

We have 7 offices with 15-20 clients at each - all on T1s.  I really need to know the best way to get my domain working in the most efficient way. I want to have it only accessed through the VPN at our offices (for secure purposes).

If anyone has any suggestions I would really greatly appreciate it!!

Thank you,

- cparent
Question by:cparent05
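
One way to test the suspicion above that the VPN routers filter some traffic, as an added example that is not part of the original thread: a PowerShell script, run from a branch-office client, that probes the TCP ports a domain member needs on the domain controller. The host name `dc01.example.local` is a placeholder, and the port list is the standard Active Directory set, not something stated in the thread.

```powershell
# Added example, not from the original thread. Run on a branch-office client.
# 'dc01.example.local' is a placeholder for your own domain controller.
param(
    [string]$DomainController = 'dc01.example.local',
    [int]$TimeoutMs = 3000
)

# TCP ports a domain member uses, and what breaks if the tunnel drops them.
# DNS and Kerberos also use UDP, which this TCP-only check does not cover.
$services = @(
    @{ Port = 53;  Name = 'DNS';                 Impact = 'cannot locate domain controllers' }
    @{ Port = 88;  Name = 'Kerberos';            Impact = 'authentication fails' }
    @{ Port = 135; Name = 'RPC endpoint mapper'; Impact = 'RPC-based services fail' }
    @{ Port = 389; Name = 'LDAP';                Impact = 'client cannot read its list of GPOs' }
    @{ Port = 445; Name = 'SMB';                 Impact = 'client cannot read policy files from SYSVOL' }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        # A timeout usually means the packet was silently dropped in transit.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($svc in $services) {
    $open = Test-TcpPort -HostName $DomainController -Port $svc.Port -TimeoutMs $TimeoutMs
    [pscustomobject]@{
        Port      = $svc.Port
        Service   = $svc.Name
        Reachable = $open
        IfBlocked = if ($open) { '' } else { $svc.Impact }
    }
}
$results | Format-Table -AutoSize

# ICMP echo: older Windows clients use it for Group Policy slow-link detection.
$icmp = Test-Connection -ComputerName $DomainController -Count 2 -Quiet
"ICMP echo reachable: $icmp"
```

Comparing the output from a site where policies apply with one where they do not shows which service the tunnel is dropping.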

Accepted Solution

feptias earned 500 total points
ID: 16537724
Hi cparent

That's quite a big question you're asking and some of it is too tricky to comment on without seeing diagrams and knowing a lot more detail about what your clients need and where your servers are located and what they do etc. However, I can make a few comments that might be of interest/help:

Reliability of site-to-site VPN routers: I used some low cost Netgear Prosafes for a client and eventually had to swap them out for something more serious (SonicWalls) because the reliability was just not good enough. The Netgears looked great value, but they would lock up about every 30 days and needed a power cycle to reset them. I have no experience of Linksys but generally you get what you pay for.

If your WAN connections are "intermittent" you might want to consider putting a domain controller server at each branch office - with 15-20 clients at each this could probably be justified (just). Windows Server 2003 is good in this situation because it can be configured with knowledge of sites and the links between them. Domain information replicates automatically in the background. It also uses its knowledge of your network topology to ensure client PCs talk to the local DC when it is available.

Hope this helps.

Author Comment

ID: 16537989
This is good advice. I think I will keep a log now of probs requiring a hard reset of the base router. I have not had to yet but it may happen in the future. I may end up actually setting up domain controllers at each location. My only prob or concern would be that it may be a little redundant to have each location with its own server. The good thing about this though would be that IF the internet or vpn went down it would still have server access and server mapped drives etc.

Thanks for comment and suggestions!


Expert Comment

ID: 16538394
If users want to access the server for file shares as well as login authentication, then you should look at Distributed File Services and File Replication (again this is in Server 2003 for sure and might be in 2000). This allows automated replication of shares across servers so would allow work to continue even if the vpn link was down. It is not suitable for files that are being constantly changed and updated, but is great for shared files that don't change often or only get changed by one "master" user.

Good luck with the project.
