Link two networks over WAN

Currently we have one site with one Windows domain. My company acquired a second site and they want to be able to have client computers from Site A be able to access a server at Site B.  How should i go about setting this up..  We have Cisco ASA 5510 firewalls at both locations. Would a site to site VPN take care of this?

The servers in my second site, should they be part of the domain ate Site A.  Im looking for the best configuration to make transfer of data most efficient between sites. Should i have a second domain at Site B and create trusts between the two domains?
Who is Participating?
Paul MacDonaldConnect With a Mentor Director, Information SystemsCommented:
Yes, a site-to-site VPN is what you want.

As to the server question, that's up to you.  Generally, if you want to centralize administration of the remote network, you'd want them to belong to your domain.  If there's a reason they need to have an independent network or their own domain, you can set up a trust.
mwwebbAuthor Commented:
Id prefer site B to just be mostly member servers of the domain at Site A.  Id also like one of the servers at Site B to be a DC an have Active Directory replicate to Site B for redundancy.  

So, per your answer. I could do Site to Site VPN to link the sites together. (would a VLAN work here at all?)  Site B would be the same domain as Site A and Site B would pull its IP addresses from a DHCP server at Site A.  Once setup, accessing servers at Site B would easily be found across the network.

That sound right?
Paul MacDonaldDirector, Information SystemsCommented:
A VLAN isn't appropriate here.  There are two separate networks, so traffic is being routed.

Set up a site in AD Sites and Services to reflect the new network.  Set up a DC on the remote network, let AD replicate, add the member servers to the domain and you should be all set.
Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

mwwebbAuthor Commented:
What about DHCP servers? Should the DC in Site B have a DHCP server of its own, or should we follow the standards and have 1 DHCP server per network.  Meaning the DHCP server at Site A would be the only DHCP server between both Site A and Site B.  All Computers at Site B would be getting its IP addresses from the DHCP server at Site A?

ps: i plan to accept your solution, but want to test it first to see it working.
Paul MacDonaldDirector, Information SystemsCommented:
I'd put DHCP servers (and DNS servers) at each site.  That way, if the link goes down, they can keep doing some work.
Paul is 100% on the money here, if it doesn't work it would have to be that you did something wrong when implementing it.  So I vote for giving him the points.

The most common thing people do wrong is the routing, but since you are using the same firewalls for the VPN that you are already using as the Default Gateway for the LANs,...the routing would be automatic with nothing else extra to do.  Now ASA's can be a bit complex with the VPN ACLs, so make sure you get that right.
mwwebbAuthor Commented:
Yea i plan to give the points to paul. We had an issue with the ASA when updating the ASA and ASDM software.  We transfered configs from the original box to the secondary and something crashed.  Now we cant get the ASA to load. I can only connect to the box via the console port, and my command line functions are limited. it shows errors on boot, but not sure how to fix that yet. We're opening a case with cisco.

Once we get this setup in place, im going to create the server environment for this facility and test it. Once i can verify it works ill distribute the points.

Thanks a ton guys.. ill keep you updated.
You can't re-use the config from one and transfer to the other,...each is uniquely configured, trashing it is exactly what I would have expected.   You'll probably have to wipe the config clean and start over from scratch on that ASA unless you have a backup of the original config to go back to.

I'm not concerned with points,...I have a stack of unopened  t-shirts so high if it falls over it might hurt someone.  Just give them to Paul.
mwwebbAuthor Commented:
hahahah..thats funny about your tshirts.

thats exactly what happened with our ASA. How do i reset to factory default? I've looked up command lines and found this:

configure factory-default [ip_address [mask]]

however, the place that the ASA is at right now, this wont run. I get:

ERROR: % Invalid input detected at '^' marker.   (and the ^ is pointing to the "o" in configure)

If i type "?" at the ciscoasa> prompt i get:

and thats it.. i notice this is a limited list of commands compared to the list i'd get when the ASA image was running successfully.

If on boot i hit escape to interrupt the boot, i wind up at the
rommon #0> prompt

where there seems to be a lot more commands available, but none of them are the configure command or the revert command.   the hardware reset button on the back of the device doesnt reset anything either.

so thats where im stuck right now.

If i do a show disk0: , i can see that it has the ASA and ASDM boot images still there.  Also see the startup-config.cfg file, which im starting to think that if i can delete this file, that will alllow me to boot a clean, blank ASA image
Take the config file you have (the one that trashed it). Open it in notepad or some other good text editor and carefully and correctly edit it so that is reflects the correct config for the ASA you are going to use it on then import it through the Console port.

I can't help with specific command syntax,...I don't personally work with any Cisco Products (I'm all HP Procurve).  I could do it by "looking stuff up" before I worked on one,...but I'm not going to know the details off the top of my head.  I only ended up in this thread because the question was cross-posted to other non-Cisco Zones.

You may have to call Cisco Support if you get over your head
mwwebbAuthor Commented:
Sweet, thanks anyway pwindell... im going to reach out to cisco and have them help me. where im at, the commands are limited and there isnt much on the net i can readily find about these limited commands.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.