Solved

How Do I Connect Two Branches Running Windows 2008

Posted on 2011-10-07
25
Medium Priority
385 Views
Last Modified: 2012-05-12
Dear All,
I have two branches, both of them running a network-based system: Windows 2008 Standard Server 64-bit with Active Directory.
All PCs are running Windows 7 32-bit Ultimate.
What is the best way to connect both branches so that users of each site can access all the resources, i.e. the staff in one branch should be able to access everything from the main office?
In other words, if a staff member working, let's say, in Shepherds Bush then works a few days from the Brentford branch, then he/she should be able to log on to the server in the SB branch.
Any suggestion with a step-by-step procedure will be highly appreciated.

At the moment I use a public IP address to log on, but I don't want the staff to access the server.

Terminal Server is one option, but how secure is it? And what is the best way to set it up? Any good website with a step-by-step guide?

I will wait to hear from you.

Regards
0
Comment
Question by:CJ
25 Comments
 
LVL 1

Author Comment

by:CJ
ID: 36933615
Most importantly, I have many network drives which a user gets access to as soon as he logs on, as it runs on a .bat file, so I want to make sure that when a user logs on from the other branch he gets access to all drives.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 36933624
The easiest way is by creating a trust between the two branches. Go to Domains and Trusts, right-click on the site name and go to Properties. Then go to the Trusts tab. Select New Trust at the bottom and follow the wizard. The same will have to be done on both DCs (meaning on both branches' domain controllers). If you need more help, let me know.
0
 
LVL 1

Author Comment

by:CJ
ID: 36933684
Many thanks for the quick reply. I will try that tomorrow, as my other server doesn't have a public IP address as yet. When I am creating the trust I will have to use the public IP address between the 2 sites, and will I need to open any ports?

Once the trust is created, how will one user log on to the server on the other site? Will he have to use Remote Desktop, or would it be the normal way you log on to a server by typing the server name/username? If so, will the server on one site know the login is required to the other server by using the public IP address? Furthermore, if 3-4 users require to log on at the same time, would that be possible on a single public IP address? Sorry to ask all these questions. Kind Regards
0

 
LVL 6

Expert Comment

by:vmagan
ID: 36933885
Here is a nice tutorial that should help you with setting up the trust between the two domains.

http://araihan.wordpress.com/2009/08/05/how-to-create-an-external-trust-between-two-domains/

You don't have to open up any ports. If a user is trying to access resources located on the other domain, they would be able to by UNC path, e.g. \\domain\apps\their folder, and they should have access like that. I have a few clients which I set up with an external two-way trust and it works great.

Oh and no public ip address information needed.

Let me know how it works out.

Thanks

Vic
0
 
LVL 1

Author Comment

by:CJ
ID: 36935367
Hi Vic

Thanks again. I have a few questions.

1. My domains are not public domains; they are local domains such as SB1.local and BF1.local. How will they see each other externally?

2. Both servers have two network cards each, one with local IP 10.0.0.1 and one with a public IP in the 217 range. Which one do I use when building the trust?

3. I have read the article, very helpful, but when I try to add into the DNS forward zone and click Resolve, it doesn't resolve. I put the FQDN and IP address, external or internal, and it still doesn't resolve.

4. The way I tried to add the server name was by right-clicking on the server in the forward zone in DNS, selecting Properties, and then under server name clicking Add, where it asks you to add the server name FQDN and IP address, and then clicking on Resolve. Is that the correct way?

You stated you have done it for a few clients. Do they have public domains assigned to their servers on both sites? Or do they also have local domains, trusted by using public IP addresses?

Just need clarification.

Many thanks
0
 
LVL 6

Expert Comment

by:vmagan
ID: 36936550
Try the method in this article when trying to add a DNS record for server A on server B. My clients were local domains. You are on the right track; this article should help out big time.

http://araihan.wordpress.com/2009/11/30/how-to-create-an-external-trust-between-two-separate-domainsforests/

Thanks Vic
0
 
LVL 1

Author Comment

by:CJ
ID: 36937181
Hi Vic

Thanks for the info. I fully understood, but my question remains the same: how are the two sites connected? I will try the solution you suggested in the article, but I think this article applies to domains in two different forests but perhaps on the same site, as I have two domains in two different forests, one for AD and one for Exchange; both are linked on an internal trust, or shall I call it an external trust.

What I am trying to do is connect one server which is in Brentford, London and one in Shepherds Bush, London, both at different locations. I have never seen or heard of two domains at two different physical locations seeing each other with local IP addresses, and even with public IP addresses they won't see each other unless a proper port is open on the router.

I need to know how to connect two domain servers so that they can see each other and share each other's resources while being at two different physical locations.

Look forward to hearing from you.

Regards

CJ
0
 
LVL 6

Expert Comment

by:vmagan
ID: 36939725
What you are going to need is either a WAN between them or a VPN tunnel connecting them. I thought they had some sort of connection already, sorry. I usually do a VPN tunnel, have it so the domains can ping each other, then set up the trust for the file sharing.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 36945060
CJ,

Any luck? What are you going to be using for the two branches to connect?
0
 
LVL 1

Author Comment

by:CJ
ID: 37052533
Dear Vic

I am trying to set up the VPN between the two sites first so that I can ping each other's domain, and then I will create a trust.

Do you know any good links for setting up a VPN between two sites? I have tried a few, but they are not very good sites.

Just a question: once the VPN is set up between the two branches, do I leave the connection on at all times, I mean the VPN with both servers connected to each other, so users of each branch can access the resources at all times, or is there a way they synchronise from time to time to keep security on top?
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37053127
What kind of firewall are you using? And yes, the connection between the two sites must remain active.
0
 
LVL 1

Author Comment

by:CJ
ID: 37054306
I have Windows 2008 Standard Server at both offices; both have two network cards, one with a public and one with a local IP address.

I have a BT Business 2wire router at both offices and am using the router firewalls.

I hope this assists.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37054393
I have never configured a BT Business router. I usually work with Cisco PIX or ASA firewalls. Sorry, you will definitely need this VPN tunnel created so that both networks can ping each other; then the trust can be created. You might want to open another question asking for a step-by-step on VPN tunnels.

Good Luck
0
 
LVL 1

Author Comment

by:CJ
ID: 37103771
Hi Vic

I have spoken to several tech guys at BT and finally I got the answer from one of them that the BT router doesn't have the hardware for VPN.

Can you recommend any good VPN routers which are easy to set up?

Maybe the one you use may help, so if I am stuck setting them up at least you will be able to help.

Regards
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37104008
Cisco ASA 5501 is what we use and it is pretty straightforward.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37105004
If you get one and need some assistance, let me know. I can walk you through it. You might have to open up a separate question for that issue though.
0
 
LVL 1

Author Comment

by:CJ
ID: 37110417
Vic
Many thanks. I will buy the routers and if I need help I will open a new question and let you know. Just finally, to re-confirm: routers are the only option to set up VPN tunnelling?

It cannot be setup on server 2008 machine ?

We cannot add VPN hardware to existing setup ? i.e attach to BT router or server machine ?
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37111051
You cannot add the VPN on a Server 2008; it doesn't come with that option. I don't know much about the BT router.

Cisco ASA 5500 would be your best bet.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37135093
CJ, let me know if there is anything else I can do for you in regards to this question.

Also let me know when you purchase the firewall so I can assist you if needed.
0
 
LVL 1

Author Comment

by:CJ
ID: 37240917
Hi Vic
I will be setting up the VPN during Christmas. Can you please guide me where to buy the CISCO ROUTER 5501 which you use. I googled but can't find a seller. Your help will be appreciated. Many thanks. Kind regards
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37318640
Go straight to eBay. You can definitely find one there. That is where I purchased mine from.
0
 
LVL 1

Author Comment

by:CJ
ID: 37427121
Hi Vic

I have finally bought the Cisco RV220W routers for both branches. After spending a few weeks I managed to set them up, as I didn't know they are not modems.

I also managed to create the VPN tunnel, which is established. I could then ping both servers by IP but not by name. I could also see the network resources from the branch office to the main office but could not access them, and I could not see the network from the main office to the branch office.

Now I cannot even ping, although the connection is established.

I will open another question if you want me to. I have three questions:

1. What is stopping me from pinging both servers by name, and now by IP?
2. How can I do the settings so that I can ping with IP and domain names?
3. I can access the resources, i.e. network etc.?

As you already have this setup, maybe you are able to help.
0
 
LVL 1

Author Comment

by:CJ
ID: 37427198
Dear Vic

I have also opened up another question in this regard. You can check it; the contents are as follows:

Dear All
I have recently bought two Cisco RV220W routers for our main and branch offices, mainly for VPN tunnelling. I didn't know they are routers only, not modems, so I have set it up using the BT 2wire router as a modem only.
I have successfully set up the routers and managed to establish the VPN tunnel between the two routers.
As BT doesn't give a static WAN IP address, I have used DynDNS, which works fine, although I have 5 static IP addresses which cannot be used for WAN unless I change to one IP address; even then, the BT tech said it will not work.
When I created the tunnel I could ping both servers by their IP only, not by name. I can ping them fine locally. I could also see the network from the branch office to the main office but not from the main office to the branch office. Today when I restarted the server I cannot ping either server, I mean vice versa, but the VPN tunnel is established. Now I cannot see the network from the branch office to the main office either.
Both sites are running Windows Server 2008 Standard. The main office server has 6 NIC cards, two with public and three with private IP addresses; it's also running Terminal Server, Exchange, file etc. The branch office has two NIC cards, one with a private and one with a public IP.
Initially I could establish the VPN tunnel as the network range was the same on both sites, so I changed one to the 10.0.0.0 range and the other to the 192.168.1.0 range, and the VPN tunnel was established straightaway.

As soon as the VPN tunnel was created I managed to create an external trust without any problems, and both servers are added in each other's forward zones as name servers.

Now I need your help.

1. How to fix the problem so that I can ping the servers by their IP as well as domain names?
2. How to set it up so that both sides can see the network resources as well as access them?
3. How to set it up so that if the staff in the branch office want to log on to the domain in the main office, they can simply do it as they do in their own office?

I can remote desktop to both servers without any problems.

Any urgent help will be appreciated.

Regards
0
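The post above says the two sites first had the same network range and that the tunnel came up once one moved to the 10.0.0.0 range and the other to 192.168.1.0. As an added example (not part of the original thread), this Python check flags LAN ranges that overlap between sites before a site-to-site tunnel is configured; the /24 prefix lengths and which site holds which range are assumptions, since the posts give neither.

```python
import ipaddress

# Constructed sample data. Site names come from the thread; the /24 prefix
# lengths and the assignment of ranges to sites are assumptions.
BEFORE = {
    "Shepherds Bush": ["10.0.0.0/24"],
    "Brentford": ["10.0.0.0/24"],
}
AFTER = {
    "Shepherds Bush": ["10.0.0.0/24"],
    "Brentford": ["192.168.1.0/24"],
}


def find_overlaps(sites):
    """Return (site_a, net_a, site_b, net_b) for every cross-site overlap."""
    parsed = [
        # strict=False accepts a host address such as 10.0.0.1/24
        (site, ipaddress.ip_network(cidr, strict=False))
        for site, cidrs in sites.items()
        for cidr in cidrs
    ]
    conflicts = []
    for i, (site_a, net_a) in enumerate(parsed):
        for site_b, net_b in parsed[i + 1:]:
            if site_a == site_b:
                continue  # several LANs behind one router are routed locally
            # overlaps() also catches a supernet containing a smaller subnet
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                conflicts.append((site_a, str(net_a), site_b, str(net_b)))
    return conflicts


def tunnel_plan_ok(sites):
    """True when no LAN at one site collides with a LAN at another site."""
    return not find_overlaps(sites)


if __name__ == "__main__":
    for label, plan in (("before", BEFORE), ("after", AFTER)):
        for a, na, b, nb in find_overlaps(plan):
            print(f"{label}: {a} {na} overlaps {b} {nb}")
        print(label, "OK" if tunnel_plan_ok(plan) else "renumber one site")
```

When two sites share a range, hosts treat the remote addresses as on-link and never hand the traffic to the VPN router, which is why one side has to be renumbered.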
 
LVL 6

Accepted Solution

by:
vmagan earned 2000 total points
ID: 37427641
Can you link us to the other question? So that they can close this one.

Thanks
0


Question has a verified solution.
