Domain connections over VPNs

Posted on 2006-04-24
Last Modified: 2013-11-16
I am having problems with getting my domain fully functional over our VPNs in certain locations. I have the DNS server running on the Domain controller machine and I then manually enter DNS (sometimes WINS) on the machines over the VPN tunnel to the DNS server (manual entry) and the machine for WINS (which it is also running). I can see the machine and join the domain but it won't apply the policies in some locations. I believe it has something to do with the VPN routers - blocking certain types of traffic but I am not sure. The routers are Linksys RV042s and the main router (which is the gateway VPN) is a Netgear VPN ProSafe firewall router. I have been fumbling around now trying to get this fully functioning and I keep running into probs in certain locations.

Are there better VPN routers I should be using to simplify this process? Cisco? I am worried about the Linksys and Netgear tunnels going down (which has happened before).

We have 7 offices with 15-20 clients at each - all on T1s. I really need to know the best way to get my domain working in the most efficient way. I want to have it only accessed through the VPN at our offices (for security purposes).

If anyone has any suggestions I would really greatly appreciate it!!

Thank you,

- cparent
Question by: cparent05

    Accepted Solution

    Hi cparent

    That's quite a big question you're asking and some of it is too tricky to comment on without seeing diagrams and knowing a lot more detail about what your clients need and where your servers are located and what they do etc. However, I can make a few comments that might be of interest/help:

    Reliability of site-to-site VPN routers: I used some low cost Netgear Prosafes for a client and eventually had to swap them out for something more serious (SonicWalls) because the reliability was just not good enough. The Netgears looked great value, but they would lock up about every 30 days and needed a power cycle to reset them. I have no experience of Linksys but generally you get what you pay for.

    If your WAN connections are "intermittent" you might want to consider putting a domain controller server at each branch office - with 15-20 clients at each this could probably be justified (just). Windows Server 2003 is good in this situation because it can be configured with knowledge of sites and the links between them. Domain information replicates automatically in the background. It also uses its knowledge of your network topology to ensure client PCs talk to the local DC when it is available.

    Hope this helps.

    Author Comment

    This is good advice. I think I will keep a log now of probs requiring a hard reset of the base router. I have not had to yet but it may happen in the future. I may end up actually setting up domain controllers at each location. My only prob or concern would be that it may be a little redundant to have each location with its own server. The good thing about this though would be that IF the internet or vpn went down it would still have server access and server mapped drives etc.

    Thanks for the comment and suggestions!


    Expert Comment

    If users want to access the server for file shares as well as login authentication, then you should look at Distributed File Services and File Replication (again this is in Server 2003 for sure and might be in 2000). This allows automated replication of shares across servers so would allow work to continue even if the VPN link was down. It is not suitable for files that are being constantly changed and updated, but is great for shared files that don't change often or only get changed by one "master" user.

    Good luck with the project.
