Cross Domain host resolution and authentication over a site to site vpn tunnel
Hi Experts,
My company (Comp_A) is currently working on a collaborative project with another company (Comp_B). We have some of our staff sitting within their office (on laptops) connected to their network (not domain); the main file server is joined to Comp_B domain. Our users have been issued with a user account on Comp_B's domain which they use to access the local network shares and print servers, but they also need to access the remote network shares in Comp_A domain. The data on the file server in Comp_B domain will also need to be accessed from users over the WAN from Comp_A network. We have configured a Site-to-Site VPN to accomplish this, we can ping any host on each side of the VPN from the other but we cannot resolve hosts as yet on each side. I did raise the idea of creating a trust between the two domains, but unfortunately the idea was rejected.
I have two issues:-
1. What is the best way to configure the DNS in this scenario so my users in Comp_A domain can resolve hosts in Comp_B domain and vice versa? I have thought about placing HOSTS files on my user’s laptops and workstations but it would not be ideal due to the number and rotation of the staff working on the collaborative project.
2. My users (joined to Comp_A domain) when working on their laptops on Comp_B's network are being prompted for a username and password when they try and connect to network shares in Comp_A's network over the site to site VPN tunnel - i currently have temporary host file on the users laptops detailing Comp_A's hosts and ip's but they don't seem to be able to authenticate against the DC's - how can i achieve this over the vpn tunnel so they aren’t prompted for a username and password each morning? (i would use vpn client software but we have WAN optimisers at each end of the tunnel so we need traffic to flow through the tunnel not over a vpn client connection for optimisation to work).
FYI:-
Comp_A is running W2K8 with AD2008, Comp_B is running W2K3 with AD2003.
Comp_A has multiple subnets in the 10.10.0.0/16 range, Comp_B has one subnet 192.168.1.0/24
Any ideas would be appreciated....
Thanks.
My company (Comp_A) is currently working on a collaborative project with another company (Comp_B). We have some of our staff sitting within their office (on laptops) connected to their network (not domain); the main file server is joined to Comp_B domain. Our users have been issued with a user account on Comp_B's domain which they use to access the local network shares and print servers, but they also need to access the remote network shares in Comp_A domain. The data on the file server in Comp_B domain will also need to be accessed from users over the WAN from Comp_A network. We have configured a Site-to-Site VPN to accomplish this, we can ping any host on each side of the VPN from the other but we cannot resolve hosts as yet on each side. I did raise the idea of creating a trust between the two domains, but unfortunately the idea was rejected.
I have two issues:-
1. What is the best way to configure the DNS in this scenario so my users in Comp_A domain can resolve hosts in Comp_B domain and vice versa? I have thought about placing HOSTS files on my user’s laptops and workstations but it would not be ideal due to the number and rotation of the staff working on the collaborative project.
2. My users (joined to Comp_A domain) when working on their laptops on Comp_B's network are being prompted for a username and password when they try and connect to network shares in Comp_A's network over the site to site VPN tunnel - i currently have temporary host file on the users laptops detailing Comp_A's hosts and ip's but they don't seem to be able to authenticate against the DC's - how can i achieve this over the vpn tunnel so they aren’t prompted for a username and password each morning? (i would use vpn client software but we have WAN optimisers at each end of the tunnel so we need traffic to flow through the tunnel not over a vpn client connection for optimisation to work).
FYI:-
Comp_A is running W2K8 with AD2008, Comp_B is running W2K3 with AD2003.
Comp_A has multiple subnets in the 10.10.0.0/16 range, Comp_B has one subnet 192.168.1.0/24
Any ideas would be appreciated....
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER