
no connectivity server2003

I have server 2003 with Active Directory and it serves as the DNS server.  It has run perfectly within our small network (a couple computers) until I put a public static IP on it.  Now I have no connectivity to the DSL modem (router).  The DSL modem has a public and private IP on it.  The server is the primary domain controller and its DNS points to itself.  The gateway is the public IP of the DSL router.  It is not the connection, as I changed it back to the old IP and it then works (private IP).  I remade the DNS zones to reflect the new IPs.  It did not work before I did that, nor after.  What am I doing wrong?
Asked by: quiet30plr
 
Jay_Jay70 Commented:
Why do you want a public IP on your server?
 
quiet30plr (Author) Commented:
In order to join an Active Directory domain, we need the client to be configured with the DNS of the domain controller (DNS server).  This can only be done (through different DSL accounts) by giving the domain controller a public IP.  Any private (NAT) IP would not be recognized.
 
Jay_Jay70 Commented:
Hmmm, I may be missing something here but I am still confused as to why... Is your client sitting at a different site? You are sitting behind a DSL router, yes?
 
quiet30plr (Author) Commented:
Yes, it is remote and yes it is behind a DSL router.  When we do an ipconfig, we get the private gateway, not the router's public address that we configured.  Our ISP told us not to change the private IP of the router.  It is a Westell.  I tried to ping the server and router from a remote client and could get them, but cannot get them from the computers behind the same DSL router.  I tried to get the remote computer to join the domain, but got a "no network path" error.  I can see the server through a remote connection from the remote computer.
 
Jay_Jay70 Commented:
I would never give a server a public IP, you are just asking for trouble. What exactly are you trying to achieve, and I will see if I can provide an alternative.
 
quiet30plr (Author) Commented:
We are trying to network 4 different buildings with 4 different DSLs.  Our ISP will not give us a T1.  We will be using Active Directory.  As of now, I have two domain controllers that work perfectly when they have a private static IP, within our group, but we cannot get out of this DSL, there is no way for the other groups to recognise the DCs or DNS.
 
Jay_Jay70 Commented:
Why not set up VPN links between the sites?
 
quiet30plr (Author) Commented:
We have thought of that.  The cost of individual VPNs is a lot.  I don't want to use the free versions, as they are not very secure.
 
Jay_Jay70 Commented:
They can be perfectly secure if configured right, a hell of a lot more secure than using public IPs on your DC!
 
quiet30plr (Author) Commented:
We still have the same problem, though.  I have little experience with VPNs, but when I did configure them, it was to a public, static IP.  How else does one machine see the other over remote distances?
 
Jay_Jay70 Commented:
With a site to site VPN you do use the public IP to make the connection, however the other side of the router at each site is a different private range.
 
quiet30plr (Author) Commented:
That would tell me that I need the server to have a public IP.  The server is the DNS server, as well as the domain controller.
 
Jay_Jay70 Commented:
No, that tells you that your router has the public IP at site A and at site B your other router has a different public IP - the VPN setup links between these two.

Behind the router you may have a 192.168.x.x at site A and a 10.1.X.X range at the other site.

No public IP should be sitting on your server at any stage.
 
quiet30plr (Author) Commented:
Thank you.  This might solve our problem.  Let me get it straight... I give each router a public IP (done) - I assign a private IP (static) to the server and then what?  How do I assign the DNS of the private IP (of the server) to the client?  We have a copy of Cisco VPN and its licenses, but only the client.  Do I need the server version of Cisco VPN?  Is there a better VPN for the money and security?
 
Jay_Jay70 Commented:
This depends on how you want to go about doing things... So far you have grasped it well.

Your remote client has a couple of options, depending on how you configure DNS... Basically, if he is sitting behind a router with the VPN link between, then your local DNS server for that site should host a secondary zone for the original site OR if you don't have a remote DNS server then you will have to point your DNS to the local site which holds your DC... Be wary, name resolution over VPN isn't fantastic, and you may have to revert back to static entries in your lmhosts file...

As long as you have a good link between the two routers, I think VPN is your best option, the remote client won't notice anything.
 
quiet30plr (Author) Commented:
I still am at a loss as to how I point to a private IP.
 
Jay_Jay70 Commented:
That's the beauty of a site to site VPN, once it is established, the two networks at either one are virtually "one" so you can just point your client to the DNS server.
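The addressing rules from the answers above (public IP only on each site's router, a different private range behind each router, clients pointed at the DC's private address), written as a plan check. This is an added Python example, not part of the original thread; the site names and every address are constructed, with documentation ranges standing in for the routers' public IPs.

```python
import ipaddress

# RFC 1918 private ranges; checked explicitly because ipaddress.is_private
# also returns True for the documentation ranges used as sample public IPs.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def check_plan(sites, client_dns):
    """Return a list of problems in a site-to-site VPN addressing plan."""
    problems = []
    lans = {name: ipaddress.ip_network(s["lan"]) for name, s in sites.items()}
    names = sorted(lans)
    # Each site needs its own private range or routing over the tunnel breaks.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if lans[a].overlaps(lans[b]):
                problems.append(f"{a}/{b}: LANs overlap, cannot route across the tunnel")
    servers = set()
    for name, s in sites.items():
        # The router's WAN side is the only place a public address belongs.
        if is_rfc1918(ipaddress.ip_address(s["router_wan"])):
            problems.append(f"{name}: router WAN is private, tunnel needs the public IP")
        for addr in s["servers"]:
            ip = ipaddress.ip_address(addr)
            servers.add(ip)
            if not is_rfc1918(ip):
                problems.append(f"{name}: server {ip} has a public IP")
            elif ip not in lans[name]:
                problems.append(f"{name}: server {ip} is outside site LAN {lans[name]}")
    # Clients at any site use the DC/DNS server's private address.
    dns = ipaddress.ip_address(client_dns)
    if dns not in servers or not is_rfc1918(dns):
        problems.append(f"client DNS {dns} is not a private DC/DNS server in the plan")
    return problems

# Constructed sample plans: GOOD follows the advice, BAD repeats the original setup.
GOOD = {"site_a": {"lan": "192.168.1.0/24", "router_wan": "203.0.113.10",
                   "servers": ["192.168.1.10"]},
        "site_b": {"lan": "10.1.0.0/24", "router_wan": "198.51.100.20", "servers": []}}
BAD = {"site_a": {"lan": "192.168.1.0/24", "router_wan": "203.0.113.10",
                  "servers": ["203.0.113.11"]},
       "site_b": {"lan": "192.168.1.0/24", "router_wan": "198.51.100.20", "servers": []}}

if __name__ == "__main__":
    for label, plan, dns in (("good", GOOD, "192.168.1.10"), ("bad", BAD, "203.0.113.11")):
        print(label, check_plan(plan, dns) or "OK")
```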
 
quiet30plr (Author) Commented:
I'll try it and see if it works.  Thanks.
 
Jay_Jay70 Commented:
Good luck.