Domain Access via VPN

Hi,

I currently have a system I am doing work on (just took over) and they have two sites, one local running on subnet 192.168.1.x and a remote site running on 192.168.2.x.

The main site (1.x) has a 2003 SBS PC (1.11) and 2 Snapgear routers. One router (1.8) is used as the default gateway and the second router (1.6) is used to establish a VPN connection to the remote site (router to router VPN, remote router is 2.6).

What I would like to do is have the remote site (x.2) be able to see and join the 2003 SBS DC (1.11).

If I set the Gateway for the SBS Box to 192.168.1.6 (VPN router) I can see it on the remote site (via IP not name), but that causes a lot of other problems. I have also tried adding 192.168.1.6 as a "secondary" gateway in TCP/IP settings (with a metric of 1) and that does not seem to help.

I have set up similar things before with static routes/subnet trusts but this was using 1 router at the main site not 2.

Let me know if you need any more info about the setup.
OnemindIT Asked:
 
Roachy1979 Commented:
You don't need a secondary gateway - you just need a persistent route to the other network via the VPN.

Your clients on the remote site will need to have the DC at site 1 as an authoritative nameserver... the easiest way to achieve this is to have the primary nameserver set to the SBS when the route is set up.  Then, as long as the link is stable, joining the domain should be no problem.

Each client that needs to talk across the vpn would need to be aware of the route to the other network.

A route addition command looks like

route add <destination network/host> mask <subnet mask> <router address> <persistent if required using -p>

So in your case the route on the SBS side (all hosts that need to connect) would need to be

route add 192.168.2.0 mask 255.255.255.0 192.168.1.6 -p

At the remote site a route would need to be created on each machine that needs to connect across the vpn to show

route add 192.168.1.0 mask 255.255.255.0 192.168.2.6 -p

Route addition scripts can be created using a batch file or via a login script if required....

Remember to leave a local DNS server as secondary on the remote site or things will break if the VPN link goes down.  

(also if you're handling authentication using AD, I'd recommend running a local DC/GC at the remote site....)

Hope this helps

P
0
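Added example (not part of Roachy1979's answer): a simplified Python model of route selection, longest matching prefix first and then lowest metric, showing why a second default gateway on the SBS box cannot separate VPN traffic from internet traffic while the static routes above can. The metrics, the sample hosts 192.168.2.50 and 203.0.113.10, and the remote default gateway 192.168.2.1 are constructed assumptions; the other addresses are from the thread.

```python
import ipaddress

def route(network, gateway, metric):
    return (ipaddress.ip_network(network), gateway, metric)

def next_hop(table, dst):
    """Longest matching prefix wins; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, -metric, gw)
               for net, gw, metric in table if addr in net]
    return max(matches)[2] if matches else None

INTERNET_GW = "192.168.1.8"   # default gateway router (from the thread)
VPN_GW = "192.168.1.6"        # VPN router at the main site (from the thread)
REMOTE_VPN_GW = "192.168.2.6" # VPN router at the remote site (from the thread)
REMOTE_DEFAULT_GW = "192.168.2.1"  # assumption: not stated in the thread

LOCAL = route("192.168.1.0/24", "on-link", 10)

# SBS as originally configured: one default route only.
SBS_DEFAULT_ONLY = [LOCAL, route("0.0.0.0/0", INTERNET_GW, 10)]
# SBS with a "secondary" default gateway at metric 1: both 0.0.0.0/0 entries
# match every destination, so the choice can never depend on the destination.
SBS_TWO_DEFAULTS = SBS_DEFAULT_ONLY + [route("0.0.0.0/0", VPN_GW, 1)]
# SBS after: route add 192.168.2.0 mask 255.255.255.0 192.168.1.6 -p
SBS_STATIC = SBS_DEFAULT_ONLY + [route("192.168.2.0/24", VPN_GW, 1)]
# Remote client after: route add 192.168.1.0 mask 255.255.255.0 192.168.2.6 -p
REMOTE_STATIC = [route("192.168.2.0/24", "on-link", 10),
                 route("0.0.0.0/0", REMOTE_DEFAULT_GW, 10),
                 route("192.168.1.0/24", REMOTE_VPN_GW, 1)]

REMOTE_PC = "192.168.2.50"    # constructed sample host at the remote site
INTERNET_HOST = "203.0.113.10"  # constructed sample host (documentation range)

def decisions(table, destinations):
    """Map each destination to the gateway the table selects for it."""
    return {dst: next_hop(table, dst) for dst in destinations}

if __name__ == "__main__":
    for name, table in [("default only", SBS_DEFAULT_ONLY),
                        ("two defaults", SBS_TWO_DEFAULTS),
                        ("static route", SBS_STATIC)]:
        print("SBS", name, decisions(table, [REMOTE_PC, INTERNET_HOST]))
    print("remote client", decisions(REMOTE_STATIC, ["192.168.1.11"]))
```

Only the static-route table sends 192.168.2.x to the VPN router and everything else to the internet router, and the remote-site route is what gives replies a path back to 192.168.1.11.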
 
Tingathewinga Commented:
Hi there, this would be easy with 2 SG-300's which would do VPN and gateway duties, IPSEC tunnel between sites, and just set the 2 firewalls as the gateways on each end, they look after the routing.
So I would look at simplifying the network (if you can) and go from there.
0
 
OnemindIT (Author) Commented:
Thanks!
0