

Configure a remote site in an SBS2003 domain using vpn tunnel between 2 firewalls

Posted on 2006-05-31
Medium Priority
Last Modified: 2010-03-19
Network setup:

Main site:
SBS Server 2003 (is DHCP server), one NIC, IP range 192.168.19.X, 30 clients

Remote site:
2 desktop PCs, IP range 192.168.20.x, firewall/router = DHCP server

Both sites are connected with a VPN tunnel between 2 SGS320 appliances.

At the remote site, clients can connect to Exchange and network shares. They get their IP addresses from the SGS320, working OK.

I have trouble printing from the main site to the remote site; I think DNS is not working properly. Can someone advise me how to set up this situation properly and securely?

At the remote site I want to use the router/firewall as DHCP server.
Question by: kuvain

Expert Comment

ID: 16801827
Are you using ISA to connect the two sites or another firewall?

Author Comment

ID: 16802235
No, using a hardware VPN tunnel between the 2 appliances. The SGS320 appliance also functions as a firewall.

Author Comment

ID: 16802512
I googled around a bit - in many articles people are setting up a second DC in the remote office. This is not an option for me; I just want these two clients working perfectly in the domain without installing another DC.

Is this possible?


Accepted Solution

Computerguy107 earned 750 total points
ID: 16804811
In your VPN client look for the DNS settings and then hardcode in the DNS from your local machine...

Expert Comment

ID: 16805286
Is Windows Firewall enabled on your client PCs? If so, you might have to change your SBS server group policy to make the Windows Firewall allow access to both your local subnet and the remote one.

Author Comment

ID: 16811789
Thanks for the advice.

Hardcoding the DNS server is the only option, but I do want the clients to be configured through DHCP (the SGS320 on the remote site is now the DHCP server). Since I see no option to let this router hand out a predefined DNS server, I think this is an impossible situation here.

Firewalls are off as on all the client PCs.

For now I configured the clients with dynamic IP addresses and static DNS (pointing to sbsserver). All works well.

Too bad I can't do everything with DHCP; I read something about DHCP relaying, but that's not possible with SGS230.

Computerguy107 took me back in the right direction; points are his.

thx everybody for the help
