Solved

Site to Site VPN

Posted on 2007-03-17
Last Modified: 2010-04-09
Hi, please have a look at the following setup:

Site A
OS: Windows 2003 Standard
Services: Exchange, AD, Apps, Files
Firewall: Cisco PIX 506e

Site B
OS: Windows SBS
Services: Exchange, AD, Files
Firewall: Cisco PIX 501

Now, because Site B doesn't have many users, I want to decommission the server there so that users can log on to the main AD on Site A. I want to try out site to site VPN. Can anyone give me hints? Is there a way that users can log in straight to the other network? I want the VPN to be invisible to the users so they don't have to log in. Many thanks
Question by:KhalidJ
5 Comments
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 18740058
In this scenario SBS needs to be the PDC of a single domain and as such you should move to site A and Server 2003 to site B.
You can certainly use the SBS VPN (SBS Connection) to join your users remotely (or use RWW).
Even better: Keep your Server 2003 and join it to the SBS domain as a domain controller (you want to do this locally and you NEED to use the Add new server wizard in Server Management on SBS). This will replicate your users. Set up the Server 2003 as DHCP and DNS, getting its user data over VPN (tunnel) from the SBS server. (SBS and Server 2k3 will need to be on unique subnets.)
This will mean that the AD is replicated and even if you lose internet your users will still be able to log on locally (=SiteA).
If you use R2 versions you can replicate files too. Very easy with very little Internet overhead. Very cool.
Since you have Exchange on Server 2003 you could set that up as a backup mail server too.
Or for remote users use RPC over HTTP. Users won't know the difference and be able to use Outlook normally (even if the VPN drops but Internet is active).
If you need help with any of this please don't hesitate to ask.
Olaf
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 18740790
If you create a site-site VPN tunnel between the two PIX firewalls, you can then decommission the SBS server and users can join the domain at SiteA and work just like the server was local. All it takes is proper DNS setup on the AD so that users in site B can resolve the SRV records for the domain.
They will still be on two different subnets, so I think you would have to define the subnet for siteB in AD.

Here's an example for a simple site-site VPN with PIX:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml
0
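
The two conditions in the accepted answer (distinct subnets at each end of the tunnel, and a Site B subnet definition in AD so that clients are steered to the right SRV records), modelled as an added example that is not part of the original thread. The domain name, LAN ranges and site name are constructed placeholders, and the locator logic is a simplified model of how a domain member chooses SRV names.

```python
import ipaddress

DOMAIN = "corp.example.local"   # constructed placeholder, not from the thread
SITE_A_LAN = "192.168.1.0/24"   # constructed: LAN behind the PIX 506e
SITE_B_LAN = "192.168.2.0/24"   # constructed: LAN behind the PIX 501

def overlaps(lan_a, lan_b):
    """True if the two LANs share addresses; traffic cannot be routed over the tunnel then."""
    return ipaddress.ip_network(lan_a).overlaps(ipaddress.ip_network(lan_b))

def site_for(client_ip, ad_subnets):
    """AD site for client_ip: the most specific subnet object containing it, else None."""
    ip = ipaddress.ip_address(client_ip)
    hits = [(ipaddress.ip_network(net), site) for net, site in ad_subnets.items()
            if ip in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def locator_queries(client_ip, ad_subnets, domain=DOMAIN):
    """SRV names used to find a domain controller, most specific first (simplified model)."""
    names = []
    site = site_for(client_ip, ad_subnets)
    if site:
        # Site-specific record: only usable when the client's subnet is defined in AD.
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    # Domain-wide record: the fallback that must resolve from Site B across the tunnel.
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names

if __name__ == "__main__":
    client = "192.168.2.50"  # constructed Site B workstation
    before = {SITE_A_LAN: "SiteA"}                      # Site B subnet not yet defined
    after = {SITE_A_LAN: "SiteA", SITE_B_LAN: "SiteA"}  # assumption: mapped to the DC's site
    print("LANs overlap:", overlaps(SITE_A_LAN, SITE_B_LAN))
    for label, subnets in (("before", before), ("after", after)):
        print(label, site_for(client, subnets), locator_queries(client, subnets))
```
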
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 18741333
Is the Windows server in site A part of the SBS domain?
And are you decommissioning the SBS DC?
0
 
LVL 1

Author Comment

by:KhalidJ
ID: 18759472
Site A is on a different domain. Plan is to use a single domain only.
0
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 18760631
The scenario I proposed needs to be single domain with SBS server as main server.
This also means you don't need any Server 2003 licenses, only SBS licenses.
Olaf
0
