We help IT Professionals succeed at work.
Get Started

Cross Domain host resolution and authentication over a site to site vpn tunnel

turner20 asked
Last Modified: 2012-05-11
Hi Experts,

My company (Comp_A) is currently working on a collaborative project with another company (Comp_B).  We have some of our staff sitting within their office (on laptops) connected to their network (not domain); the main file server is joined to Comp_B domain.  Our users have been issued with a user account on Comp_B's domain which they use to access the local network shares and print servers, but they also need to access the remote network shares in Comp_A domain.  The data on the file server in Comp_B domain will also need to be accessed from users over the WAN from Comp_A network. We have configured a Site-to-Site VPN to accomplish this, we can ping any host on each side of the VPN from the other but we cannot resolve hosts as yet on each side.  I did raise the idea of creating a trust between the two domains, but unfortunately the idea was rejected.    

I have two issues:-

1. What is the best way to configure the DNS in this scenario so my users in Comp_A domain can resolve hosts in Comp_B domain and vice versa?  I have thought about placing HOSTS files on my user’s laptops and workstations but it would not be ideal due to the number and rotation of the staff working on the collaborative project.  

2. My users (joined to Comp_A domain) when working on their laptops on Comp_B's network are being prompted for a username and password when they try and connect to network shares in Comp_A's network over the site to site VPN tunnel - i currently have temporary host file on the users laptops detailing Comp_A's hosts and ip's but they don't seem to be able to authenticate against the DC's - how can i achieve this over the vpn tunnel so they aren’t  prompted for a username and password each morning? (i would use vpn client software but we have WAN optimisers at each end of the tunnel so we need traffic to flow through the tunnel not over a vpn client connection for optimisation to work).  

Comp_A is running W2K8 with AD2008, Comp_B is running W2K3 with AD2003.
Comp_A has multiple subnets in the range, Comp_B has one subnet    

Any ideas would be appreciated....

Watch Question
This problem has been solved!
Unlock 2 Answers and 3 Comments.
See Answers
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE