• Status: Solved

Connecting two 6.5 networks together via VPN

I am going to connect two 300 user 6.5 NetWare networks (identical version, etc.) via VPN connection.  I have the VPN set up but not active yet.  I have no experience with this so am afraid to connect the two eDir trees with the VPN until I research it further.  Thanks.
Any suggestions on steps to take?

Current Dir Configuration:
Tree A:  
Tree=MNW
O=mnw
OU= "H" and "B" and "E" (3 ou's)

Tree B:
Tree=MNW-B
O=MNWB
OU= (none)
Asked by: krusebr
 
ShineOn Commented:
I guess, the biggest question is - do you intend to merge the trees, or leave it as a multi-tree environment?  

Make sure you don't have any IP protocols being blocked from passing through the VPN.

Is it safe to assume that the two networks are on different subnets - that they aren't both, say, "10.10.0.0 255.255.0.0"?  Then, you'll have to establish routes to the other networks, of course, but until you are ready to plan a tree merge (if you're going to) you shouldn't have to worry about things like eDirectory partitioning/replication traffic.  Timesync shouldn't be an issue until/if you're going to merge trees, 'cause each tree should have its own configured time sources.

What's your concern - that one will corrupt the other somehow?  That shouldn't worry you, as long as they're different trees in different subnets...  That users will "accidentally" log in to the wrong tree?  That should be handled through DHCP.

If/when you decide to merge trees, post back with a new question about that - we're full of advice for merging trees. Simply connecting the 2 networks with a VPN, though, shouldn't be a big deal, IMHO, because they're separate trees in separate networks.

 
krusebr (Author) Commented:
Tree MNW is on a 10.34.0.0 - 255.255.0.0 network and Tree MNWB is on a 10.21.0.0 - 255.255.0.0 network.

We may need to merge the trees but I am not sure.  I will tell you our plans....
We want to share a school information system (data folder) that will be on a NetWare 6.5 server volume on Tree MNW.  There will be a need to connect approx. 25 XP clients on Tree MNWB to this data folder.  Maybe it would be easier to just merge the trees?  Are there any issues with eDir and syncing over a VPN?

Thanks again for your help.
 
ShineOn Commented:
Easier to merge the trees?  No, unless they SHOULD be in the same tree.  It's not as simple as it sounds, and has to be done with full understanding of the process, and careful planning.    It's easier to manage a single tree than multiple trees, but it's up to you whether the benefits outweigh the costs and so on... ;)

Keeping 'em separate trees, you'll need to set up the 25 "tree B" users as user objects in the MNW "A" tree with rights to the folder.  Their passwords will likely be unique and not synchronized because they're different user objects.   If you merge the trees, it'd be a simple matter of assigning the users rights to the folder - they'd still just authenticate to the tree once.  Separate trees require separate authentication, separate licenses.  If you merge trees and you have 300 user licenses on each tree, you end up with 600 user licenses for your combined tree, so there's a cost benefit to merging, too - you'll have to account for having those additional 25 users taking up licensing in your "A" tree.

If you have a reasonably "fat" pipe, eDir syncs just fine.  Even over a slower link, it's not so bad - eDir sync traffic is rather light - especially when compared to MAD sync traffic.

I had a VPN WAN using BorderManager site-to-site VPN, no problem with eDir sync, as long as timesync was good.  Since I had some old hardware and some NetWare 5.1 at one site, timesync drift was a bit of a problem until I upgraded hardware and NetWare, but it shouldn't be a problem nowadays.
 
krusebr (Author) Commented:
If I don't merge the trees, then in order to log in to the other tree, will I have to set the NIC IP on each of the machines needed to connect to the other tree to their subnet?  If I do, then I suppose I lose printers in the local building for those computers needing access to the other building's tree???
Wow, am I correct on this?
 
ShineOn Commented:
No, you should be able to just set up a route to their network.
 
ShineOn Commented:
The VPN devices or servers or whatever you're using for VPN should have the capability to establish a route between networks.  That should be all that's necessary.  Make the next-hop route to the A network the VPN network and vice-versa.

You don't want to bridge, you want to route.
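The subnet check and the routed (not bridged) setup discussed in the answers above, as an added example that is not part of the original thread. It uses the two LANs the asker gave; the VPN gateway addresses and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Site LANs as given in the thread; the VPN gateway addresses are
# hypothetical placeholders, not values from the original posts.
SITES = {
    "MNW":   {"lan": "10.34.0.0/255.255.0.0", "vpn_gw": "10.34.0.1"},
    "MNW-B": {"lan": "10.21.0.0/255.255.0.0", "vpn_gw": "10.21.0.1"},
}

def plan_site_routes(sites):
    """Return [(site, destination_network, next_hop)] static routes.

    Raises ValueError if two LANs overlap (routing between them is then
    ambiguous) or if a gateway is not an address on its own LAN.
    """
    lans = {}
    for name, cfg in sites.items():
        net = ipaddress.ip_network(cfg["lan"], strict=True)
        gw = ipaddress.ip_address(cfg["vpn_gw"])
        if gw not in net:
            raise ValueError(f"{name}: gateway {gw} is not on {net}")
        lans[name] = (net, gw)

    # Every pair of sites must use distinct, non-overlapping address space.
    for (a, (net_a, _)), (b, (net_b, _)) in combinations(lans.items(), 2):
        if net_a.overlaps(net_b):
            raise ValueError(f"{a} {net_a} overlaps {b} {net_b}")

    # Each site reaches every other site's LAN through its local VPN gateway.
    routes = []
    for name, (_, gw) in lans.items():
        for other, (other_net, _) in lans.items():
            if other != name:
                routes.append((name, str(other_net), str(gw)))
    return routes

def is_on_link(client_lan, destination):
    """True if destination is inside the client's own subnet (no route needed)."""
    return ipaddress.ip_address(destination) in ipaddress.ip_network(client_lan)

if __name__ == "__main__":
    for site, dest, hop in plan_site_routes(SITES):
        print(f"{site}: route {dest} via {hop}")
```

A client on 10.21.0.0/16 keeps its own address and local printers; traffic for 10.34.0.0/16 is off-link and follows the route through the VPN.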
 
krusebr (Author) Commented:
Great.  I will try keeping them separate first.  Thanks!