Solved

Domain Access via VPN

Posted on 2009-04-05
Last Modified: 2012-05-06
Hi,

I currently have a system I am doing work on (just took over) and they have two sites, one local running on subnet 192.168.1.x and a remote site running on 192.168.2.x.

The main site (1.x) has a 2003 SBS PC (1.11) and 2 Snapgear routers. One router (1.8) is used as the default gateway and the second router (1.6) is used to establish a VPN connection to the remote site (router to router VPN, remote router is 2.6).

What I would like to do is have the remote site (x.2) be able to see and join the 2003 SBS DC (1.11).

If I set the Gateway for the SBS Box to 192.168.1.6 (VPN router) I can see it on the remote site (via IP not name), but that causes a lot of other problems. I have also tried adding 192.168.1.6 as a "secondary" gateway in TCP/IP settings (with a metric of 1) and that does not seem to help.

I have set up similar things before with static routes/subnet trusts but this was using 1 router at the main site not 2.

Let me know if you need any more info about the setup.
0
Question by:OnemindIT
3 Comments
 
LVL 3

Expert Comment

by:Tingathewinga
ID: 24075025
Hi there, this would be easy with 2 SG-300's which would do VPN and gateway duties, IPSEC tunnel between sites, and just set the 2 firewalls as the gateways on each end, they look after the routing.
So I would look at simplifying the network (if you can) and go from there.
0
 
LVL 14

Accepted Solution

by:
Roachy1979 earned 500 total points
ID: 24076497
You don't need a secondary gateway - you just need a persistent route to the other network via the VPN.

Your clients on the remote site will need to have the DC at site 1 as an authoritative nameserver......the easiest way to achieve this is to have the primary nameserver set to the SBS when the route is set up. Then, as long as the link is stable, joining the domain should be no problem.

Each client that needs to talk across the vpn would need to be aware of the route to the other network.

a route addition command looks like

route add <destination network/host> mask <subnet mask> <router address> <persistent if required using -p>

so in your case the route on the sbs side (all hosts that need to connect) would need to be

route add 192.168.2.0 mask 255.255.255.0 192.168.1.6 -p

At the remote site a route would need to be created on each machine that needs to connect across the vpn to show

route add 192.168.1.0 mask 255.255.255.0 192.168.2.6 -p

Route addition scripts can be created using a batch file or via a login script if required....

Remember to leave a local DNS server as secondary on the remote site or things will break if the VPN link goes down.  

(also if you're handling authentication using AD, I'd recommend running a local DC/GC at the remote site....)

Hope this helps

P
0
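
The accepted answer mentions putting the route commands in a batch file or login script; the following is an added example of such a batch file, not part of Roachy1979's answer, that picks the route for whichever site the machine is on and adds it only when it is missing. The site detection through `ipconfig`, the `:have_route` label and the variable names are assumptions of this example; the networks and VPN router addresses are the ones given in the thread, and the command uses the documented `route -p add` argument order.

```bat
@echo off
rem Added example, not from the original answer.
setlocal
set MASK=255.255.255.0

rem Assumption: the local site can be recognised from the addresses
rem ipconfig reports (192.168.1.x = main site, 192.168.2.x = remote site).
set SITE=
ipconfig | findstr /r /c:"192\.168\.1\.[0-9]" >nul && set SITE=MAIN
ipconfig | findstr /r /c:"192\.168\.2\.[0-9]" >nul && set SITE=REMOTE

rem Destinations and VPN router addresses are the ones given in the thread.
if "%SITE%"=="MAIN" set DEST=192.168.2.0
if "%SITE%"=="MAIN" set GW=192.168.1.6
if "%SITE%"=="REMOTE" set DEST=192.168.1.0
if "%SITE%"=="REMOTE" set GW=192.168.2.6
if not defined SITE (
    echo Not on 192.168.1.x or 192.168.2.x, routing table left unchanged.
    exit /b 0
)

rem Already in the active or persistent table? Then do nothing.
call :have_route
if not errorlevel 1 (
    echo Route to %DEST% via %GW% already present.
    exit /b 0
)

rem Changing the routing table needs local administrator rights, so this
rem belongs in a computer startup script or a one-off admin run.
route -p add %DEST% mask %MASK% %GW%

rem Verify from the table itself rather than trusting route's exit code.
call :have_route
if errorlevel 1 (
    echo Could not add route to %DEST% via %GW%.
    exit /b 1
)
echo Added persistent route to %DEST% via %GW%.
exit /b 0

:have_route
rem Matches a line of "route print" holding destination, mask and gateway.
route print | findstr /r /c:"%DEST% *%MASK% *%GW%" >nul
exit /b %errorlevel%
```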
 

Author Closing Comment

by:OnemindIT
ID: 31566886
Thanks!
0
