adamkerrigan


IP Question: 2 Satellite >> Main Office via Cisco 2811 and 1841's

Good Afternoon,

I have purchased two Cisco 1841's and a 2811.  They will be bound together via point-to-point T1's.

The only thing I know about Cisco is how to spell it.

Our network is thus:

Main office:

All servers (DHCP, DNS, Exchange, DC's, etc.)
Cisco 2811
25 users
Internet T1 (This T1 will be the only internet access for the main and satellite offices.)

Satellite Offices:

No servers
Cisco 1841
2-5 users


I want the users at the satellite office to login to the Domain, get DHCP, DNS, etc.

My Question is:

Can I set up this desired configuration?  (i.e. my satellite users getting the same IP's as my main office: 192.168.1.xxx)

Or do the computers have to be on a different scheme, i.e. 192.168.2.xxx.  And if this is the case, what are the ramifications with regard to connecting to Active Directory, DNS, etc., etc., etc.

-adam.
ASKER CERTIFIED SOLUTION
Les Moore
This would be my preferred scenario:

Internet T1 --> T1 router --> Firewall
                                 |
                    Proxy ----- LAN  192.168.111.x
                                 |
                            P2P Router <---> Site 2  192.168.122.x
                                       <---> Site 3  192.168.123.x

 
Are you asking for help creating the point-to-point connections between the routers?  I would create each site with its own IP scheme.

site 1 192.168.1.0
site 2 192.168.2.0
site 3 192.168.3.0

I would at least put a computer at each location as an Active Directory server and create your sites in Active Directory Sites and Services. This way user credentials will be way easier to manage, and changes will propagate and perform at greater speeds.

adamkerrigan

ASKER

Thank you for the response!

To answer a few questions:

The Internet T1 connects to a Symantec Gateway Security device that connects to the internal network.

The 2811 connects the point-to-points together and connects them to the internal network.


I like your recommendation against using 192.168.1.xxx.  I was planning on using that, and I will have VPN users.  I imagine it would result in a DNS nightmare...  :)

I'm not sure what you mean by the Proxy, but with that exception, your outline is my plan.

Freya28,

At this point, I'm just exploring the planning and design phases of integration.  I'll need help configuring later.  :)

-adam.
Also, I can't afford, nor do I have an appropriate location at each site for, a DC...

I'd like this scenario, but in my situation it won't work.

-adam.
I agree with not using 192.168.1.0 also.  I would actually go with either a 172.16.0.0 - 172.31.255.255 or a 10.0.0.0 - 10.255.255.255 scheme, but it is a pretty simple design.

If you have the AD servers at each site, then have those servers perform DNS and DHCP for their local site.  This way, if the link to the main site goes down, they can still function as a LAN (printing, file sharing).  If they obtained DHCP from the main site and the connection went down, they would eventually lose their IP's and therefore be unable to communicate.
I understand that you don't have an appropriate location for additional servers, but you SHOULD make the room.  It would make your job that much easier.  Is it AD 2000 or above?
Freya28,

Why not 192?

-adam.
Forest and Domain are 2003

-adam.
No reason.  192's are fine. The only reason why I say that is because, yes, more and more people know not to use it, and to be somewhat safer, I use the others.  But don't get me wrong: it doesn't make you safer.  Just probably less of a chance that someone else you are connecting with has the same IP schema.
Gotcha.

-adam.
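The addressing trade-off discussed in this thread (one subnet per site, and avoiding ranges that a VPN user's home network is likely to be using), as an added example that is not part of any poster's comment. The /24 masks, the plan names and the list of "common home defaults" are assumptions; the subnets themselves are the ones mentioned in the thread.

```python
import ipaddress
from itertools import combinations

# Assumption: ranges widely shipped as consumer-router defaults, so a VPN
# user's home LAN is likely to be using one of them.
COMMON_HOME_DEFAULTS = [ipaddress.ip_network(n)
                        for n in ("192.168.0.0/24", "192.168.1.0/24")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_plan(plan):
    """Return (kind, detail) findings for a {site: cidr} addressing plan."""
    nets = {site: ipaddress.ip_network(cidr) for site, cidr in plan.items()}
    findings = []
    for site, net in nets.items():
        # Every routed site should sit inside private address space.
        if not any(net.subnet_of(block) for block in RFC1918):
            findings.append(("not-private", f"{site} {net}"))
        # A remote VPN client whose home LAN uses the same range cannot
        # reach hosts in this site: its own LAN route wins.
        for home in COMMON_HOME_DEFAULTS:
            if net.overlaps(home):
                findings.append(("vpn-collision", f"{site} {net} vs {home}"))
    # Routed point-to-point links need a distinct subnet on each side.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(("site-overlap", f"{a} and {b} both use {na}"))
    return findings


# Constructed plans built from the subnets mentioned in the thread (/24 assumed).
SAME_SUBNET_PLAN = {"main": "192.168.1.0/24", "site2": "192.168.1.0/24",
                    "site3": "192.168.1.0/24"}
SEQUENTIAL_PLAN = {"main": "192.168.1.0/24", "site2": "192.168.2.0/24",
                   "site3": "192.168.3.0/24"}
DIAGRAM_PLAN = {"main": "192.168.111.0/24", "site2": "192.168.122.0/24",
                "site3": "192.168.123.0/24"}

if __name__ == "__main__":
    for name, plan in (("same subnet", SAME_SUBNET_PLAN),
                       ("sequential", SEQUENTIAL_PLAN),
                       ("diagram", DIAGRAM_PLAN)):
        print(name, check_plan(plan) or "no findings")
```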
With only 2-5 users at the remote sites I can hardly justify dedicating a local DC server for them. They will work just fine over the WAN. As I said, you can use the router itself as the local DHCP server.

I'm glad you have a firewall between the LAN and the Internet.

A Proxy server is just an option that gives you some extra control over allowing users out/restricting Internet use by using Group Policies in AD. It also accelerates the "user experience" for remote users by caching most-used web pages locally. Windows ISA2004 is pretty good for this in a proxy cache-only configuration.
Freya28,

You make a good point.  For us, being that nearly every resource (excluding a printer or two) is at the main office, if the WAN link is down, having a DC won't really do any good.

Time will have to tell.  If these point-to-point T1's go down on occasion, perhaps management will allot me some more money to get some low-end DC's.

Thank you both, Irmoore and Freya28, for going beyond answering my original question!  Adopting new ideas and methodologies is what IT is about!

-adam.

Thank you and good luck.