Solved

Connecting two 6.5 networks together via VPN

Posted on 2006-07-14
Last Modified: 2012-06-21
I am going to connect two 300 user 6.5 Netware networks (identical version, etc.) via VPN connection.  I have the VPN set up but not active yet.  I have no experience with this so am afraid to connect the two EDir trees with the VPN until I research it further.  Thanks.
Any suggestions on steps to take?

Current Dir Configuration:
Tree A:  
Tree=MNW
O=mnw
OU= "H" and "B" and "E" (3 ou's)

Tree B:
Tree=MNW-B
O=MNWB
OU= (none)
Question by:krusebr
7 Comments
 
LVL 35

Expert Comment

by:ShineOn
ID: 17110926
I guess, the biggest question is - do you intend to merge the trees, or leave it as a multi-tree environment?  

Make sure you don't have any IP protocols being blocked from passing through the VPN.

Is it safe to assume that the two networks are on different subnets - that they aren't both, say, "10.10.0.0 255.255.0.0"?  Then, you'll have to establish routes to the other networks, of course, but until you are ready to plan a tree merge (if you're going to) you shouldn't have to worry about things like eDirectory partitioning/replication traffic.  Timesync shouldn't be an issue until/if you're going to merge trees, 'cause each tree should have its own configured time sources.

What's your concern - that one will corrupt the other somehow?  That shouldn't worry you, as long as they're different trees in different subnets...  That users will "accidentally" log in to the wrong tree?  That should be handled through DHCP.

If/when you decide to merge trees, post back with a new question about that - we're full of advice for merging trees. Simply connecting the 2 networks with a VPN, though, shouldn't be a big deal, IMHO, because they're separate trees in separate networks.

0
 

Author Comment

by:krusebr
ID: 17111010
Tree MNW is on a 10.34.0.0 - 255.255.0.0 network and Tree MNWB is on a 10.21.0.0 - 255.255.0.0 network.

We may need to merge the trees but I am not sure.  I will tell you our plans....
We want to share a school information system (data folder) that will be on a Netware 6.5 server volume on Tree MNW.  There will be a need to connect approx. 25 XP clients on Tree MNWB to this data folder.  Maybe it would be easier to just merge the trees?  Are there any issues with the EDir and syncing over a VPN?

Thanks again for your help.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 17111292
Easier to merge the trees?  No, unless they SHOULD be in the same tree.  It's not as simple as it sounds, and has to be done with full understanding of the process, and careful planning.    It's easier to manage a single tree than multiple trees, but it's up to you whether the benefits outweigh the costs and so on... ;)

Keeping 'em separate trees, you'll need to set up the 25 "tree B" users as user objects in the MNW "A" tree with rights to the folder.  Their passwords will likely be unique and not synchronized because they're different user objects.   If you merge the trees, it'd be a simple matter of assigning the users rights to the folder - they'd still just authenticate to the tree once.  Separate trees require separate authentication, separate licenses.  If you merge trees and you have 300 user licenses on each tree, you end up with 600 user licenses for your combined tree, so there's a cost benefit to merging, too - you'll have to account for having those additional 25 users taking up licensing in your "A" tree.

If you have a reasonably "fat" pipe, eDir syncs just fine.  Even over a slower link, it's not so bad - eDir sync traffic is rather light - especially when compared to MAD sync traffic.

I had a VPN WAN using BorderManager site-to-site VPN, no problem with eDir sync, as long as timesync was good.  Since I had some old hardware and some NetWare 5.1 at one site, timesync drift was a bit of a problem until I upgraded hardware and NetWare, but it shouldn't be a problem nowadays.
0

 

Author Comment

by:krusebr
ID: 17111350
If I don't merge the trees, then in order to log in to the other tree, will I have to set the NIC IP on each of the machines needed to connect to the other tree to their subnet?  If I do, then I suppose I lose printers in the local building for those computers needing access to the other building's tree???
Wow, am I correct on this?
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 17111393
No, you should be able to just set up a route to their network.
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 2000 total points
ID: 17111409
The VPN devices or servers or whatever you're using for VPN should have the capability to establish a route between networks.  That should be all that's necessary.  Make the next-hop route to the A network the VPN network and vice-versa.

You don't want to bridge, you want to route.
0
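
The routing advice in this thread, worked through as an added example (not code from either poster): it checks that the two site subnets quoted above do not overlap, builds the static routes site B needs, and shows that a site-B workstation still reaches a local printer directly while traffic for the site-A file server goes to the VPN device. The gateway, printer and server addresses are constructed assumptions; only the two /16 networks come from the thread.

```python
import ipaddress

# Subnets as stated in the thread (netmask notation as posted).
SITE_A = ipaddress.ip_network("10.34.0.0/255.255.0.0")   # Tree MNW
SITE_B = ipaddress.ip_network("10.21.0.0/255.255.0.0")   # Tree MNWB
# Hypothetical address of the VPN device at site B (assumption).
VPN_GW_B = ipaddress.ip_address("10.21.0.1")


def plan_routes(local, remote, local_vpn_gw):
    """Return the routes the local site needs to reach the remote site.

    Refuses to plan when the subnets overlap, because a router cannot
    tell "local" from "remote" for an address that is in both.
    """
    if local.overlaps(remote):
        raise ValueError(f"{local} overlaps {remote}: renumber before routing")
    if local_vpn_gw not in local:
        raise ValueError(f"gateway {local_vpn_gw} is not on {local}")
    return [
        (local, None),            # own subnet: delivered on-link, no gateway
        (remote, local_vpn_gw),   # other site: next hop is the VPN device
    ]


def next_hop(routes, dst):
    """Longest-prefix match. Returns 'on-link', a gateway, or None (no route)."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    _, gw = max(matches, key=lambda r: r[0].prefixlen)
    return "on-link" if gw is None else str(gw)


if __name__ == "__main__":
    routes_b = plan_routes(SITE_B, SITE_A, VPN_GW_B)
    # Constructed hosts: a printer in building B, a file server in building A.
    for name, addr in [("local printer", "10.21.5.20"),
                       ("MNW file server", "10.34.0.10"),
                       ("unrelated host", "192.0.2.1")]:
        print(f"{name:16} {addr:12} -> {next_hop(routes_b, addr)}")
```

Because only the other site's prefix is routed to the VPN device, nothing else is pulled into the tunnel; the unrelated address has no route in this table at all.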
 

Author Comment

by:krusebr
ID: 17111421
Great.  I will try keeping them separate first.  Thanks!
0

Question has a verified solution.
