How to configure SBS 2008 with dual VPN router-to-router


I have a customer with 3 locations:
- MAIN location, with VPN router server, IP + SBS 2008 with DHCP on SBS server
- STORE location, with VPN client router, IP, DHCP on router
- SHOP location, with VPN client router, IP, DHCP on router

Now, both STORE and SHOP locations connect to MAIN office via VPN IPSec, where routers are configured - MAIN is "VPN SERVER", STORE and SHOP are "VPN CLIENTS".
SBS 2008 server R2 is located at MAIN location, serving 4 local clients.

VPN works fine, connection is stable, approx. 40-45 ms PING in idle, 2 Mbps/512 ADSL speed.

The PROBLEM is that I want to join 2 client computers at STORE and SHOP location into main SBS domain, but I am wondering what to do with IP settings:
- if I configure the same subnet 192.168.0.x at all 3 locations, then VPN would not work stable
- but if I leave as is, meaning each location has its own IP subnet, VPN is stable, but HOW TO CONFIGURE SBS 2008 server to allow joining computer from another subnet?
LVL 18
Andrej PirmanAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You shouldn't configure all machines in the same subnet, that will not work at all.

What I suggest you do is configure the store and shop clients to use the Main location SBS as the DNS servers. The DNS servers hold information regarding domain configuration. And then attempt to add them to domain.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DHCP -  configure DNS server = IP address of SBS server.

All clients must point to SBS for DNS (and no where else)...  SBS server should be configured to resolve internet requests on behalf of the clients.

yes it should use the isp dns as forwarders.
Andrej PirmanAuthor Commented:
Thank you for comments.

As I understand, I need to modify DHCP on SBS to deliver IP addresses not only in its own IP subnet (, but also on 2 additional subnets:

...which also means that I need to add those IP subnets to SBS box, so SBS will have these static IPs:
- (this is SBS IP now)

Also, I need to stop DHCP servers on both VPN client routers, and configure DHCP forwarders instead, which both point to SBS DHCP.

All these changes I need to config manually.

Is this correct?

...or should I only configure DHCP in VPN client routers to use SBS's IP as primary DNS?
No,  you should leave the SBS dhcp alone.

You should however configure the DHCP on the Client router to give out the DNS settings to the clients as the IP of the SBS or you can also try configuring the SBS IP as DNS forwarder on the Client routers.  

...or should I only configure DHCP in VPN client routers to use SBS's IP as primary DNS?  - That is one of the options
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.