Solved

Site to Site VPN

Posted on 2007-03-17
Last Modified: 2010-04-09
Hi, please have a look at the following setup:

Site A
OS: Windows 2003 Standard
Services: Exchange, AD, Apps, Files
Firewall: Cisco PIX 506e

Site B
OS: Windows SBS
Services: Exchange, AD, Files
Firewall: Cisco PIX 501

Now, because Site B doesn't have many users, I want to decommission the server there so that users can log on to the main AD on Site A. I want to try out a site-to-site VPN. Can anyone give me hints? Is there a way that users can log in straight to the other network? I want the VPN to be invisible to the users so they don't have to log in. Many thanks.
Question by:KhalidJ
5 Comments
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 18740058
In this scenario SBS needs to be the PDC of a single domain and as such you should move to site A and Server 2003 to site B.
You can certainly use the SBS VPN (SBS Connection) to join your users remotely (or use RWW).
Even better: keep your Server 2003 and join it to the SBS domain as a domain controller (you want to do this locally and you NEED to use the Add new server wizard in Server Management on SBS). This will replicate your users. Set up the Server 2003 as DHCP and DNS, getting its user data over VPN (tunnel) from the SBS server. (SBS and Server 2k3 will need to be on unique subnets.)
This will mean that the AD is replicated, and even if you lose internet your users will still be able to log on locally (=SiteA).
If you use R2 versions you can replicate files too. Very easy with very little Internet overhead. Very cool.
Since you have Exchange on Server 2003 you could set that up as a backup mail server too.
Or for remote users use RPC over HTTP. Users won't know the difference and will be able to use Outlook normally (even if the VPN drops but Internet is active).
If you need help with any of this please don't hesitate to ask.
Olaf
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 18740790
If you create a site-site VPN tunnel between the two PIX firewalls, you can then decommission the SBS server and users can join the domain at SiteA and work just like the server was local. All it takes is proper DNS setup on the AD so that users in site B can resolve the SRV records for the domain.
They will still be on two different subnets, so I think you would have to define the subnet for siteB in AD.

Here's an example for a simple site-site VPN with PIX:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml
0
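
The site-to-site tunnel described in the accepted answer, written out for both firewalls as an added example that is not part of the thread or of the linked Cisco document. Assumptions: PIX OS 6.3 with the 3DES/AES license on both units, Site A inside 192.168.1.0/24 behind outside address 192.0.2.1, Site B inside 192.168.2.0/24 behind 198.51.100.1; every address, object name and the key are placeholders.

```cisco
: ===== Site A: PIX 506e (assumed inside 192.168.1.0/24, outside 192.0.2.1) =====
: Interesting traffic: Site A LAN to Site B LAN
access-list vpn_siteB permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
: Do not NAT traffic that enters the tunnel
nat (inside) 0 access-list vpn_siteB
: Decrypted tunnel traffic bypasses the interface access lists; without this
: line it must be permitted explicitly by the outside interface's access list
sysopt connection permit-ipsec
: Phase 2 (IPsec)
crypto ipsec transform-set ts_aes esp-aes-256 esp-sha-hmac
crypto map s2s 10 ipsec-isakmp
crypto map s2s 10 match address vpn_siteB
crypto map s2s 10 set peer 198.51.100.1
crypto map s2s 10 set transform-set ts_aes
crypto map s2s interface outside
: Phase 1 (IKE); the key is a placeholder and must be identical on both peers
isakmp enable outside
isakmp key PRE_SHARED_KEY_PLACEHOLDER address 198.51.100.1 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
isakmp policy 10 lifetime 86400

: ===== Site B: PIX 501 (assumed inside 192.168.2.0/24, outside 198.51.100.1) =====
: Mirror image of the Site A access list: source and destination swapped
access-list vpn_siteA permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list vpn_siteA
sysopt connection permit-ipsec
crypto ipsec transform-set ts_aes esp-aes-256 esp-sha-hmac
crypto map s2s 10 ipsec-isakmp
crypto map s2s 10 match address vpn_siteA
crypto map s2s 10 set peer 192.0.2.1
crypto map s2s 10 set transform-set ts_aes
crypto map s2s interface outside
isakmp enable outside
isakmp key PRE_SHARED_KEY_PLACEHOLDER address 192.0.2.1 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
isakmp policy 10 lifetime 86400
```

Once both halves are applied, `show crypto isakmp sa` and `show crypto ipsec sa` on either PIX show whether phase 1 and phase 2 have come up. Site B clients then need a Site A domain controller as their DNS server so the domain's SRV records resolve across the tunnel.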
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 18741333
Is the Windows server in site A part of the SBS domain?
And are you decommissioning the SBS DC?
0
 
LVL 1

Author Comment

by:KhalidJ
ID: 18759472
Site A is on a different domain. Plan is to use a single domain only.
0
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 18760631
The scenario I proposed needs to be single domain with SBS server as main server.
This also means you don't need any server 2003 licenses only sbs licenses.
Olaf
0
