• Status: Solved

site to site vpn connection to sbs server

I have a client who is opening a second location for their business. They have a SQL-based application that they wish to access from the remote location. There will be approx. 4 PCs to start at the remote location. The main office will have sbs2003 premium. I plan on setting up 2 SonicWall VPN firewall appliances and connecting them with a site-to-site VPN tunnel. I have never configured this before, but support several networks where it was set up already. I understand that you have to have 2 separate IP address ranges for each location, 192.168.1.x and 192.168.2.x for example. Where it gets confusing for me is when you set up the remote office you have to use the router/firewall for DHCP and a default gateway for internet. Why couldn't you just set up the whole network on the same subnet and have your primary sbs server provide DHCP services for the remote site as well? I'm finding that I have DNS issues with the current setups and have to modify the lmhosts files on the remote PCs in order for services such as joining the domain through the connect computer wizard to work properly...
williamstechnologygroup
Asked:
 
Rob Williams Commented:
Routing is based on subnets. If the local and remote subnets are the same, the packets are retained locally and never forwarded to the remote site. They MUST be different. I would also recommend avoiding common subnets like 192.168.0.x and 192.168.1.x in case you ever have software VPN clients connecting from home subnets that may conflict.

It is possible to use a DHCP helper and have the SBS as the DHCP server for local and remote clients, but defining and configuring the two subnets is difficult.

If the remote clients are assigned the SBS, and only the SBS, as their DNS server there should be no problem with name resolution and joining the domain.
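The routing decision described in the answer above, as an added example that is not part of the original thread: a host compares the destination with its own subnet and only hands the packet to the gateway (and so to the VPN tunnel) when the destination is outside it. The function names and the 10.20.x.x addresses are assumptions made for illustration; the two "common home" subnets are the ones named in the answer.

```python
import ipaddress

# Subnets the answer calls out as common on home networks.
COMMON_HOME_SUBNETS = [ipaddress.ip_network(n)
                       for n in ("192.168.0.0/24", "192.168.1.0/24")]


def next_hop(src_iface, dst, gateway):
    """Where a host sends a packet: 'on-link' (resolved locally, never
    reaches the firewall) or the gateway address.

    src_iface is the host address with prefix, e.g. '192.168.1.50/24'.
    """
    iface = ipaddress.ip_interface(src_iface)
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"
    return gateway


def check_site_plan(sites):
    """Return problems found in a {site name: LAN CIDR} plan for a routed
    site-to-site VPN: overlapping sites and clashes with home subnets."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    names = sorted(nets)
    problems = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}: "
                                "traffic stays local")
        for home in COMMON_HOME_SUBNETS:
            if nets[a].overlaps(home):
                problems.append(f"{a} {nets[a]} collides with common "
                                f"home subnet {home}")
    return problems


if __name__ == "__main__":
    # Constructed plans; all addresses are illustrative.
    same = {"main": "192.168.1.0/24", "remote": "192.168.1.0/24"}
    split = {"main": "10.20.1.0/24", "remote": "10.20.2.0/24"}
    # Remote PC reaching the server when both sites share one subnet.
    print(next_hop("192.168.1.50/24", "192.168.1.2", "192.168.1.1"))
    # Same PC once the sites use different subnets.
    print(next_hop("10.20.2.50/24", "10.20.1.2", "10.20.2.1"))
    for plan in (same, split):
        print(check_site_plan(plan) or "plan OK")
```
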
 
tl121000 Commented:
After you establish a tunnel - you can set up DHCP relay between the f/w.
The two networks can have the same subnet and they will communicate as if they are one logical.
http://www.sonicwall.com/downloads/Site_to_Site_VPN_Using_DHCP_over_VPn__SonicOS_Enhanced_at__.pdf
 
tl121000 Commented:
Let me clarify - the two networks can have the same internal subnet (192.168.x.x, 10.x.x.x, 172.16-31.x.x).  They can be the same.  The distinct public IP addresses will allow the two locations to route and establish a VPN connection.
http://www.sonicwall.com/downloads/Site_to_Site_VPN_Using_DHCP_over_VPn__SonicOS_Enhanced_at__.pdf
 
 
Rob Williams Commented:
I am afraid the subnets need to be different, and they are in your example, tl121000.
The WAN subnets are the same in the example because in a test environment or if connected by some form of direct link they would be the same. But in williamstechnologyg... that will be replaced by the Internet.
 
tl121000 Commented:
RobWill
Duh - You know what... you're right! The packets will not traverse the router interface, since the network will believe they are "local".
OKAY so two different subnets - but what you need is to set up DHCP on the main (central) F/W and allow forwarding DHCP requests to that server.
 
http://www.sonicwall.com/downloads/Site_to_Site_VPN_Using_DHCP_over_VPn__SonicOS_Enhanced_at__.pdf 
 
williamstechnologygroup Author Commented:
Thanks, after thinking about this, maybe I'm making this too difficult. Would the standard way of setting this up be to have the sbs server at the main location handle dhcp and have the router at the remote location handle dhcp for its clients?
As RobWill mentioned, as long as I have the sbs server as the only dns server at both locations I should be ok with name resolution.
 
Rob Williams Commented:
>>"Would the standard way of setting this up be to have the sbs server at the main location handle dhcp and have the router at the remote location handle dhcp for its clients?"
Yes

>>"as long as I have the sbs server as the only dns server at both locations I should be ok with name resolution."
Yes.
If your router (at the remote site) supports it, add as many scope options as possible:
SBS as DNS (ONLY)
SBS as WINS
domain suffix of the SBS site, MyDomain.local
If the last option is not present it is a good idea to add it to the remote clients manually, under the NIC advanced DNS tab. If they are members of the domain the suffix will already be present.
 
williamstechnologygroup Author Commented:
Thanks for the help. It will be a while before I set up, but now I know why I need to set up the separate subnets and how to set up DNS.
 
Rob Williams Commented:
Thanks williamstechnologygr. Good luck with the project.
Cheers!
--Rob
Question has a verified solution.
