Site to Site VPN implementation using ASA 5505

Hello, I'm going to be setting up a site to site VPN using our Cisco ASA 5505. The two sites are laid out like this: Site1 has a Domain Controller running SBS 03 and is set up as a DNS, DHCP and Exchange server which is behind a Cisco ASA 5505. Site2 has a Domain Controller running W2k and is set up as a DNS, DHCP server which is also behind a Cisco ASA 5505. Internal addresses for both sites are the same, 192.168.1.1-.254. I'm really looking for thoughts on what would be the most logical way to set the VPN up because I'm not sure:

1. If you have to change one of the sites' internal IP subnet mask.
2. If you'll have to change the Cisco ASA 5505 internal address on one of the sites.
3. If you have to turn DNS and DHCP off on one of the servers.
4. If using the VPN wizard on the Cisco ASA will take care of all my listed problems.
5. Should I create zones with the servers to make this whole thing easier.

I really don't want to use the W2k server on Site2. I am actually thinking about taking it out of the picture and later upgrading it to SBS 03, so what I was thinking of doing was just taking that server out, changing the internal IP of the Site2 Cisco ASA and then joining the sites via the VPN wizard. Does that sound like it would work or does anyone see any problems with that? Thanks for any input.
tourist08 Asked:

rsivanandan Commented:
Best solution would be to rework and change the IP subnet on the remote site.

The other solution would be to NAT the remote side subnet to something else while connected through VPN.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

The link above should show you how to approach the second option.

Cheers,
Rajesh
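
Both options in the answer above (renumbering the remote site, or NATing it for VPN traffic) come down to giving Site2 a range that does not overlap Site1. The sketch below is an added example, not part of the original thread or of the linked Cisco document; it checks for the overlap and shows the 1:1 address mapping. The /24 mask, the 192.168.0.0/16 pool and all function names are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed input: the thread gives 192.168.1.1-.254 at both sites;
# the /24 mask is an assumption.
SITES = {"Site1": "192.168.1.0/24", "Site2": "192.168.1.0/24"}


def find_overlaps(sites):
    """Return name pairs whose inside networks overlap.

    Hosts treat an overlapping destination as on-link and never hand the
    packet to the ASA, so the tunnel cannot carry that traffic.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def pick_free_subnet(real_net, in_use, pool="192.168.0.0/16"):
    """First subnet in pool of the same size that overlaps nothing in use."""
    real = ipaddress.ip_network(real_net)
    used = [ipaddress.ip_network(n) for n in in_use]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=real.prefixlen):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    raise LookupError("no free subnet of that size in " + pool)


def translate(addr, real_net, mapped_net):
    """1:1 network translation: keep the host part, swap the network part."""
    real = ipaddress.ip_network(real_net)
    mapped = ipaddress.ip_network(mapped_net)
    if real.prefixlen != mapped.prefixlen:
        raise ValueError("real and mapped networks must be the same size")
    ip = ipaddress.ip_address(addr)
    if ip not in real:
        raise ValueError(f"{addr} is not inside {real_net}")
    return str(mapped.network_address + (int(ip) - int(real.network_address)))


if __name__ == "__main__":
    print("overlapping:", find_overlaps(SITES))
    new_net = pick_free_subnet(SITES["Site2"], SITES.values())
    print("Site2 renumbered or NATed as:", new_net)
    print("192.168.1.10 at Site2 appears as",
          translate("192.168.1.10", SITES["Site2"], new_net))
```

Whichever range is chosen, the VPN's interesting-traffic definition on both ASAs has to reference the new (or translated) Site2 range, not the original 192.168.1.x one.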

tourist08 Author Commented:
Now would I have to change anything as far as DNS on the remote site? Because I'm curious how the remote site will see the Exchange server on the main site as if it were on the same network (so Outlook can be set up without having to use OWA) or will the VPN setup handle this? I'm going to try all this tomorrow but for now I'm just trying to get an idea how it will all come together.

rsivanandan Commented:
Why are you deleting this question? Did you go through the link? The problem you have is not unique to you; actually a lot of networks do have this.

As far as your DNS and other servers go, routing takes care of all of that. For example, it is not necessary to have the DNS server on the same subnet as your network is.

Cheers,
Rajesh

tourist08 Author Commented:
Sorry I got a little jumpy with deleting the question. You were right though, two subnets is easier. Can I still reward you points?

tourist08 Author Commented:
Thanks again

rsivanandan Commented:
Try it out and lemme know.

Cheers,
Rajesh

Thnx for the points.

tourist08 Author Commented:
I tried it out and with a little tweaking with the firewall (thanks to batryboy) and conditional forwarding with the DNS servers everything is good. What I wanted to get with my question was basically some ideas of different setups and difficulty ranges just to get a view on what's possible. And when nobody really answered I figured it might have been a stupid question. Thanks for the suggestion though, that's what worked.