• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 354
  • Last Modified:

Site to Site VPN

Hi  please have a look at the following setup:

Site A
OS: Windows 2003 Standard
Services: Exchange, AD, Apps, Files
Firewall: Cisco PIX 506e

Site B
OS: Windows SBS
Services: Exchange, AD, Files
Firewall Cisco PIX 501

Now because the Site B doesn't have many users I want to decommission the server there so that users can log on to the main AD on Site A.  I want to try out site to site VPN.  Can anyone give me hints?  Is there a way that users can log in straight to the other network.  I want the VPN to be invisible to the users so they don't have to log in.  Many thanks
OS:
0
KhalidJ
Asked:
KhalidJ
1 Solution
 
Olaf De CeusterCommented:
In this scenario SBS needs to be the PDC of a single domain and as such you should move to site A and Server 2003 to site B.
You can certainely use the SBS VPN (SBS Connection) to join your users remotely (or use RWW)
Even better: Keep your server 2003 and join it to the SBS domain as a Domain controller (You want to do this locally and you NEED to use the Add new server wizard in Server Management on SBS). This will replicate your users. Setup the  server  2003 as DHCP and DNS getting it's user data over VPN (Tunnel) from the SBS server. (SBS and Server 2k3 will need to be on unique subnets)
This will mean that the AD is replicated  and even if you loose internet your users will still be able to logon locally (=SiteA)
If you use R2 versions you can Replicate files too. Very easy with very little Internet overhead. Very cool.
Since you have exchange on Server 2003 you could set that up as a backup mail server too.
Or for remote users use RPC over Http. Users won't know the difference and be able to use outlook normally (even if the VPN drops but Internet is active).
If you need help with any of this please don't hesitate to ask.
Olaf
0
 
lrmooreCommented:
If you create a site-site VPN tunnel between the two PIX firewalls, you can then de-commision the SBS server and users can join the domain at SiteA and work just like the server was local. All it takes is proper DNS setup on the AD so that users in site B can resolve the SRV records for the domain.
They will still be on two different subnets, so I think you would have to define the subnet for siteB in AD.

Here's example for simple site-site VPN with PIX
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml
0
 
Kini pradeepCommented:
is the windows server insite A part of sbs domain ?
and are you decomissioning the sbs dc ??
0
 
KhalidJAuthor Commented:
Site A is on a different domain.  Plan is to use a single domain only.
0
 
Olaf De CeusterCommented:
The scenariao I proposed needs to be single domain with SBS server as main server.
This also means you don't need any server 2003 licenses only sbs licenses.
Olaf
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now