Site to Site VPN

Posted on 2007-03-17
Last Modified: 2010-04-09
Hi, please have a look at the following setup:

Site A
OS: Windows 2003 Standard
Services: Exchange, AD, Apps, Files
Firewall: Cisco PIX 506e

Site B
OS: Windows SBS
Services: Exchange, AD, Files
Firewall Cisco PIX 501

Now, because Site B doesn't have many users, I want to decommission the server there so that users can log on to the main AD at Site A. I want to try out site-to-site VPN. Can anyone give me hints? Is there a way that users can log in straight to the other network? I want the VPN to be invisible to the users so they don't have to log in. Many thanks.
Question by:KhalidJ
5 Comments

Expert Comment

by:Olaf De Ceuster
ID: 18740058
In this scenario SBS needs to be the PDC of a single domain, and as such you should move it to site A and Server 2003 to site B.
You can certainly use the SBS VPN (SBS Connection) to join your users remotely (or use RWW).
Even better: keep your Server 2003 and join it to the SBS domain as a domain controller (you want to do this locally, and you NEED to use the Add New Server wizard in Server Management on SBS). This will replicate your users. Set up the Server 2003 as DHCP and DNS, getting its user data over the VPN (tunnel) from the SBS server. (SBS and Server 2k3 will need to be on unique subnets.)
This will mean that the AD is replicated, and even if you lose the internet your users will still be able to log on locally (=Site A).
If you use R2 versions you can replicate files too. Very easy with very little internet overhead. Very cool.
Since you have Exchange on Server 2003 you could set that up as a backup mail server too.
Or for remote users use RPC over HTTP. Users won't know the difference and will be able to use Outlook normally (even if the VPN drops but the internet is active).
If you need help with any of this please don't hesitate to ask.
Olaf

Accepted Solution

by: lrmoore (earned 250 total points)
ID: 18740790
If you create a site-to-site VPN tunnel between the two PIX firewalls, you can then decommission the SBS server and users can join the domain at Site A and work just like the server was local. All it takes is proper DNS setup on the AD so that users in site B can resolve the SRV records for the domain.
They will still be on two different subnets, so I think you would have to define the subnet for siteB in AD.

Here's an example of a simple site-to-site VPN with PIX:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml
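The tunnel the accepted answer describes, written out for the two PIX models in the question as an added example (this is not from the thread or from the linked Cisco document, and it was not taken from the poster's configuration). It assumes PIX OS 6.3 on both units, RFC 5737 documentation addresses 203.0.113.1 and 203.0.113.2 for the outside interfaces, inside subnets 192.168.1.0/24 (Site A) and 192.168.2.0/24 (Site B), a Site A domain controller at 192.168.1.10, and a placeholder pre-shared key; all of those are assumptions to replace. Lines beginning with ':' are comments that the PIX ignores when the text is pasted.

```text
: --- Site A, PIX 506E (PIX OS 6.3) ---
: Assumed: Site A inside 192.168.1.0/24, outside 203.0.113.1
:          Site B inside 192.168.2.0/24, outside 203.0.113.2

: LAN-to-LAN traffic must bypass NAT so hosts keep their real addresses.
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat

: "Interesting traffic" that selects the tunnel; must be the exact mirror of Site B.
: Permitting all IP between the subnets covers AD's dynamic RPC ports.
access-list vpn_to_siteB permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

: Let decrypted IPsec traffic bypass the outside interface access list.
sysopt connection permit-ipsec

: Phase 2 proposal. AES and 3DES need the DES/3DES-AES activation key on BOTH
: units ("show version" lists it). Do not fall back to single DES.
crypto ipsec transform-set ESP_AES256_SHA esp-aes-256 esp-sha-hmac

crypto map site2site 10 ipsec-isakmp
crypto map site2site 10 match address vpn_to_siteB
crypto map site2site 10 set peer 203.0.113.2
crypto map site2site 10 set transform-set ESP_AES256_SHA
crypto map site2site 10 set pfs group2
crypto map site2site interface outside

: Phase 1 (IKE). Placeholder key: replace with a long random secret, identical on both sides.
isakmp enable outside
isakmp identity address
isakmp key REPLACE_WITH_LONG_RANDOM_SECRET address 203.0.113.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: --- Site B, PIX 501: the same config with subnets and peer swapped ---
access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
access-list vpn_to_siteA permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
sysopt connection permit-ipsec
crypto ipsec transform-set ESP_AES256_SHA esp-aes-256 esp-sha-hmac
crypto map site2site 10 ipsec-isakmp
crypto map site2site 10 match address vpn_to_siteA
crypto map site2site 10 set peer 203.0.113.1
crypto map site2site 10 set transform-set ESP_AES256_SHA
crypto map site2site 10 set pfs group2
crypto map site2site interface outside
isakmp enable outside
isakmp identity address
isakmp key REPLACE_WITH_LONG_RANDOM_SECRET address 203.0.113.1 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: Site B clients must use the Site A DC as their DNS server, otherwise the
: _ldap._tcp SRV lookups the answer mentions never resolve and nobody can log on.
: Assumed DC address 192.168.1.10; the PIX 501 hands it out via its own DHCP server.
dhcpd address 192.168.2.20-192.168.2.100 inside
dhcpd dns 192.168.1.10
dhcpd domain corp.example
dhcpd enable inside
```

After both sides are loaded, `show crypto isakmp sa` should show the peer in QM_IDLE and `show crypto ipsec sa` should show encap/decap counters climbing once a Site B host pings 192.168.1.10. From a Site B client, `nslookup -type=SRV _ldap._tcp.dc._msdcs.<your-domain>` must return the Site A DC, and `nltest /dsgetdc:<your-domain>` confirms a DC was found; if the lookup works but the PIX shows no traffic, the crypto ACLs are not exact mirrors. Then add 192.168.2.0/24 as a subnet in Active Directory Sites and Services (dssite.msc) so the site assignment is explicit. One caveat worth planning for: with no DC at Site B, a dropped tunnel means Site B users can only log on with cached credentials until it comes back.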

Expert Comment

by:Kini pradeep
ID: 18741333
Is the Windows server in site A part of the SBS domain?
And are you decommissioning the SBS DC?

Author Comment

by:KhalidJ
ID: 18759472
Site A is on a different domain.  Plan is to use a single domain only.

Expert Comment

by:Olaf De Ceuster
ID: 18760631
The scenario I proposed needs to be a single domain with the SBS server as the main server.
This also means you don't need any Server 2003 licenses, only SBS licenses.
Olaf