Solved

Connecting two sites via VPN on a Windows SBS 2003 R2 domain

Posted on 2007-03-31
Last Modified: 2010-04-19
I want to connect a branch office (Site 1) to the main office (Site 0) via a VPN. Here's what each site consists of:

Main Office - Site 0
Small Business Server 2003 R2
DrayTek 2600G ADSL Router
IP Range: 10.1.1.x/255.0.0.0

Branch Office - Site 1
DrayTek 2600G ADSL Router
IP Range: 10.1.2.x/255.0.0.0

I've managed to establish the VPN connection between each router no problem, however I cannot resolve hostnames from Site 1 to Site 0 and all workstations on Site 1 cannot see the domain or connect to the server.

Any idea how to fix this?

Thanks in advance.
0
Question by:DReade83
17 Comments
 
LVL 15

Expert Comment

by:plimpias
ID: 18830248
Make sure your DNS setting in Site 1 is pointing to your SBS server in Site 0.

If you have enough licenses I would recommend setting up a Windows 2003 member server in Site 1 as a DNS server, depending on the number of clients you have. Under 20 I wouldn't worry about it.
0
 
LVL 15

Expert Comment

by:plimpias
ID: 18830253
The DHCP setting for DNS in Site 1 should be pointing DNS to 10.1.1.X (your SBS server) and not your ISP's DNS server.
0
 

Author Comment

by:DReade83
ID: 18830300
OK. Something else I need to mention is both routers are also providing Internet access, so if I point the DNS on Site 1 to Site 0, then the clients on Site 1 won't be able to access the Internet.
0
 
LVL 15

Expert Comment

by:plimpias
ID: 18830323
That's untrue. The Site0 DNS server should have forwarders put in pointing to the ISP's DNS server.

Active Directory needs DNS. DNS is closely integrated with AD. It is important to have all clients point to your AD DNS servers first; then your server will forward if it can't resolve.

Make sure your forwarders are set up in your DNS server.

On the server, right-click your server in DNS and go to Properties. Go to the Forwarders tab and verify that the DNS servers of your ISP are listed.
0
 
LVL 15

Expert Comment

by:plimpias
ID: 18830333
You're right that if Site 0 goes down then Site 1 won't be able to access the Internet. If you are using a hosted solution and require Internet to run your business, then that's why I would recommend putting in a DNS server in Site 1.
0
 

Author Comment

by:DReade83
ID: 18830367
Wouldn't a router upgrade help? One with a DNS Server built-in?

DrayTeks generally don't have DNS servers; well, the 2600G definitely doesn't. It's only a DNS client.

If a router upgrade would be the answer, something like a Cisco 857 would probably be the answer. Is this correct?
0
 
LVL 15

Expert Comment

by:plimpias
ID: 18830400
Windows 2003 DNS is capable of interoperating with various versions of BIND. It is important to look at the version of BIND you are wanting to use and see how it integrates with Windows 2003 DNS.

I am not aware of a Cisco router that has DNS zone support. But if you want to throw in a Unix or Linux box you can.
0
 
LVL 15

Expert Comment

by:plimpias
ID: 18830410
Again, the theory is: if Site 0 goes down, and that is your main site that houses all of your docs and database, then what's the point of Site 1 having Internet? These days Internet connections don't go down that often. But if it is a problem then I would consider buying a Windows 2003 license for 750 and adding a small PC for DNS. It might even be a good idea to make it a DC for backup purposes. It just depends on the number of clients you have in Site 1.
0

 

Author Comment

by:DReade83
ID: 18830448
Ah, I understand.

So all I need to do right now is add the Server IP to the router's DNS on Site 1, to point to the server on Site 0. This means that any DNS queries for Internet sites from Site 1 will be sent to Site 0, then back to Site 1 where the router on Site 1 will still act as the Internet gateway. Is this correct?

What I don't want is for both routers to be sending Internet content to one another as the upload rate on either isn't great - only 448Kbit (with a download rate of about 6Mbit to 8Mbit per router).

So in effect, I need to know that the routers will only be sending/receiving internal traffic and Internet DNS queries - that's all. Would this be the case?
0
 
LVL 15

Accepted Solution

by:
plimpias earned 500 total points
ID: 18830484
So all I need to do right now is add the Server IP to the router's DNS on Site 1

No no. No to the router's DNS. You make the change on the DHCP setting for DNS, so all your clients get the DNS server for the SBS server.

router on Site 1 will still act as the Internet gateway. Is this correct?

Yes, that is correct. The only thing is that the Site0 server is going to give you where to find your domain names. But all the traffic to the Internet will go out of the Site0 router using the Internet service at Site0.

What I don't want is for both routers to be sending Internet content to one another as the upload rate on either isn't great

Won't be a problem with Internet traffic. The only traffic is going to be DNS lookups, which is small traffic.

So in effect, I need to know that the routers will only be sending/receiving internal traffic and Internet DNS queries - that's all. Would this be the case?

Site0 will use Site1 SBS server for DNS lookup. Internet traffic will be routed by each site.

Site0 will have its own internet and Site1 will have its own internet.
0
 
LVL 15

Expert Comment

by:plimpias
ID: 18830499
No no. No to the router's DNS. You make the change on the DHCP setting for DNS, so all your clients get the DNS server for the SBS server.


I meant you need to make the change on the DHCP settings on your router for the DNS settings, if your router in Site1 is hosting DHCP.

Otherwise, if your clients have static IP addresses then you will need to change them manually.
0
 

Author Comment

by:DReade83
ID: 18830596
Yeah, that's what I meant. I take it it'll be OK to run two DHCP servers on the same network, as long as the IP ranges are different (10.1.1.x and 10.1.2.x)? I ask as SBS and Windows 2003 DNS servers usually have a fit if they see another DHCP on the same network / subnet.

Is there anything I need to do to either DHCP servers to split them apart, or will running them on different IP ranges be the answer?
0
 
LVL 15

Expert Comment

by:plimpias
ID: 18830620
I take it it'll be OK to run two DHCP servers on the same network, as long as the IP ranges are different (10.1.1.x and 10.1.2.x)?

It's not OK on the same network. But in your case you have two networks separated by routers. So it is OK.

Is there anything I need to do to either DHCP servers to split them apart, or will running them on different IP ranges be the answer?

Nothing you need to do. In fact the DHCP server in Site0 and the DHCP server in Site1 won't even see each other in traffic.



0
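An added example (not part of the thread and not any poster's code) that models the forwarding decisions discussed in the accepted solution and in the DHCP exchange above: whether a Site 1 workstation sends a DNS query for the SBS server to its router at all, and which link the router then uses. The host addresses 10.1.1.2 and 10.1.2.50, the router route list and the 255.255.255.0 comparison mask are assumptions; the question gives only 10.1.1.x and 10.1.2.x with mask 255.0.0.0.

```python
import ipaddress

# Constructed values: the thread gives only "10.1.1.x" / "10.1.2.x".
SBS_DNS = ipaddress.ip_address("10.1.1.2")        # assumed SBS server, Site 0
CLIENT_IP = "10.1.2.50"                           # assumed workstation, Site 1
INTERNET_HOST = ipaddress.ip_address("203.0.113.10")  # documentation range

# Assumed Site 1 router table: remote LAN via the tunnel, the rest via ADSL.
SITE1_ROUTES = [
    (ipaddress.ip_network("10.1.1.0/24"), "vpn-tunnel"),
    (ipaddress.ip_network("0.0.0.0/0"), "local-adsl"),
]


def client_decision(client_ip, netmask, dest):
    """'on-link' if the client ARPs for dest itself, else 'gateway'."""
    iface = ipaddress.ip_interface(f"{client_ip}/{netmask}")
    return "on-link" if dest in iface.network else "gateway"


def router_decision(dest, routes=SITE1_ROUTES):
    """Longest-prefix match over the router's routes."""
    matches = [(net, out) for net, out in routes if dest in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def path(client_ip, netmask, dest):
    """How a Site 1 client with this mask reaches dest."""
    if client_decision(client_ip, netmask, dest) == "on-link":
        return "on-link"
    return "gateway -> " + router_decision(dest)


def sites_overlap(range_a, range_b):
    """True if the two site ranges are the same or nested networks."""
    a = ipaddress.ip_network(range_a, strict=False)
    b = ipaddress.ip_network(range_b, strict=False)
    return a.overlaps(b)


if __name__ == "__main__":
    for mask in ("255.0.0.0", "255.255.255.0"):
        print(mask, "overlap:", sites_overlap(f"10.1.1.0/{mask}", f"10.1.2.0/{mask}"))
        print("  DNS query to SBS :", path(CLIENT_IP, mask, SBS_DNS))
        print("  Internet traffic :", path(CLIENT_IP, mask, INTERNET_HOST))
```

With the mask from the question the workstation treats the SBS server as on-link and does not hand the DNS query to its gateway; with the assumed 255.255.255.0 mask the query takes the tunnel while Internet traffic stays on the local ADSL line.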
 

Author Comment

by:DReade83
ID: 18830640
Brilliant. I should be able to try out this solution today (Sunday), so I'll let you know how I get on.

Thanks for your help!
0
 
LVL 15

Expert Comment

by:plimpias
ID: 18830642
Keep us posted.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 21181230
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup Zone:
    Accept: plimpias {http:#18830484}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

MrHusy
 Experts Exchange Cleanup Volunteer
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21208432
Forced accept.

Computer101
EE Admin
0
