mwwebb asked:
Link two networks over WAN

Currently we have one site with one Windows domain. My company acquired a second site and they want to be able to have client computers from Site A be able to access a server at Site B. How should I go about setting this up? We have Cisco ASA 5510 firewalls at both locations. Would a site-to-site VPN take care of this?

The servers in my second site, should they be part of the domain at Site A? I'm looking for the best configuration to make transfer of data most efficient between sites. Should I have a second domain at Site B and create trusts between the two domains?
ASKER CERTIFIED SOLUTION
Paul MacDonald

This solution is only available to members.
mwwebb (ASKER)

I'd prefer Site B to just be mostly member servers of the domain at Site A. I'd also like one of the servers at Site B to be a DC and have Active Directory replicate to Site B for redundancy.

So, per your answer, I could do a site-to-site VPN to link the sites together (would a VLAN work here at all?). Site B would be the same domain as Site A, and Site B would pull its IP addresses from a DHCP server at Site A. Once set up, servers at Site B would easily be found across the network.

That sound right?
A VLAN isn't appropriate here.  There are two separate networks, so traffic is being routed.

Set up a site in AD Sites and Services to reflect the new network.  Set up a DC on the remote network, let AD replicate, add the member servers to the domain and you should be all set.
mwwebb (ASKER)

What about DHCP servers? Should the DC in Site B have a DHCP server of its own, or should we follow the standards and have one DHCP server per network, meaning the DHCP server at Site A would be the only DHCP server between both Site A and Site B? All computers at Site B would be getting their IP addresses from the DHCP server at Site A?

PS: I plan to accept your solution, but want to test it first to see it working.
I'd put DHCP servers (and DNS servers) at each site.  That way, if the link goes down, they can keep doing some work.
Paul is 100% on the money here, so if it doesn't work it would have to be that you did something wrong when implementing it. So I vote for giving him the points.

The most common thing people do wrong is the routing, but since you are using the same firewalls for the VPN that you are already using as the default gateway for the LANs, the routing would be automatic with nothing else extra to do. Now ASAs can be a bit complex with the VPN ACLs, so make sure you get that right.
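As an added example (not posted by anyone in this thread), here is the minimal LAN-to-LAN IPsec configuration for the Site A ASA, written in the pre-8.3 ASA syntax the 5510 commonly ran at the time. Everything concrete is an assumption: Site A inside 10.1.0.0/24 behind outside address 203.0.113.1, Site B inside 10.2.0.0/24 behind 198.51.100.1, the object and map names, and the pre-shared key placeholder. The Site B ASA gets the mirror image with the two networks and the peer address swapped. The VPN ACL point from the post above is the two commented ACLs: the crypto ("interesting traffic") ACL must be an exact mirror on both ends, and the NAT exemption must cover the same pair of networks.

```cisco
! Site A ASA 5510, ASA 8.2 (pre-8.3) syntax. Addresses and names are placeholders.
!   Site A: inside 10.1.0.0/24, outside 203.0.113.1
!   Site B: inside 10.2.0.0/24, outside 198.51.100.1

! Phase 1 (ISAKMP / IKEv1): terminate IKE on the outside interface
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

! Phase 2: IPsec transform set (ESP with AES-256 and SHA-1 HMAC)
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Crypto ("interesting traffic") ACL: exactly which traffic enters the tunnel.
! Site B must have the exact mirror (10.2.0.0/24 -> 10.1.0.0/24) or Phase 2 fails.
access-list L2L-SITEB extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! NAT exemption: LAN-to-LAN traffic must not be PATed to the outside address,
! otherwise it never matches the crypto ACL above. (pre-8.3 "nat 0" syntax)
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Crypto map ties peer, crypto ACL and transform set together, then binds to outside
crypto map OUTSIDE-MAP 10 match address L2L-SITEB
crypto map OUTSIDE-MAP 10 set peer 198.51.100.1
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside

! Tunnel group keyed by the peer address; the PSK must match on both ends
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key REPLACE-WITH-A-LONG-RANDOM-PSK

! By default (sysopt connection permit-vpn) decrypted tunnel traffic bypasses the
! outside interface ACL. To filter what Site B may reach on the Site A LAN with
! the outside ACL instead, disable that bypass:
! no sysopt connection permit-vpn

! Verification after a ping from a Site A host to a Site B host:
!   show crypto isakmp sa   -> the peer should show state MM_ACTIVE
!   show crypto ipsec sa    -> #pkts encaps and #pkts decaps should both increase
```

Because the ASA is already the default gateway on each LAN, no extra static routes are needed for this to work; if either counter in `show crypto ipsec sa` stays at zero, the mismatch is almost always in one of the two ACLs. DH group 2 and SHA-1 are shown because that is what 8.2-era peers negotiate reliably; pick stronger settings where both ends support them.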
mwwebb (ASKER)

Yeah, I plan to give the points to Paul. We had an issue with the ASA when updating the ASA and ASDM software. We transferred configs from the original box to the secondary and something crashed. Now we can't get the ASA to load. I can only connect to the box via the console port, and my command-line functions are limited. It shows errors on boot, but I'm not sure how to fix that yet. We're opening a case with Cisco.

Once we get this setup in place, I'm going to create the server environment for this facility and test it. Once I can verify it works, I'll distribute the points.

Thanks a ton, guys. I'll keep you updated.
You can't re-use the config from one and transfer it to the other; each is uniquely configured, so trashing it is exactly what I would have expected. You'll probably have to wipe the config clean and start over from scratch on that ASA unless you have a backup of the original config to go back to.

I'm not concerned with points; I have a stack of unopened T-shirts so high that if it falls over it might hurt someone. Just give them to Paul.
mwwebb (ASKER)

Hahaha, that's funny about your T-shirts.

That's exactly what happened with our ASA. How do I reset to factory default? I've looked up command lines and found this:

configure factory-default [ip_address [mask]]

However, in the state the ASA is in right now, this won't run. I get:

ERROR: % Invalid input detected at '^' marker. (and the ^ is pointing to the "o" in configure)

If I type "?" at the ciscoasa> prompt I get:
clear
enable
exit
help
login
logout
no
ping
quit
show
traceroute

And that's it. I notice this is a limited list of commands compared to the list I'd get when the ASA image was running successfully.

If on boot I hit Escape to interrupt the boot, I wind up at the rommon #0> prompt,

where there seem to be a lot more commands available, but none of them are the configure command or the revert command. The hardware reset button on the back of the device doesn't reset anything either.

So that's where I'm stuck right now.

If I do a show disk0:, I can see that it still has the ASA and ASDM boot images there. I also see the startup-config.cfg file, and I'm starting to think that if I can delete this file, that will allow me to boot a clean, blank ASA image.
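As an added example (not from anyone in this thread), here are the two documented ways to get an ASA 5510 back to a clean configuration from the console. The ciscoasa> prompt in the post is user EXEC mode, which is why its "?" list is so short and why `configure` is rejected there; `enable` moves to privileged EXEC (ciscoasa#), where `configure terminal` and `configure factory-default` become available. If the enable password that came along with the imported config is unknown, the second path uses ROMMON to make the next boot ignore the startup config. Prompts, responses and the blank password are illustrative assumptions.

```cisco
! Path 1: the image boots to ciscoasa> and the enable password is known (or blank).
! "configure" is a privileged command, so enter privileged EXEC first.
ciscoasa> enable
Password:
ciscoasa# configure terminal
ciscoasa(config)# configure factory-default
ciscoasa(config)# write memory
ciscoasa(config)# reload

! Alternative to factory-default: erase the startup config entirely so the
! next boot comes up with nothing but built-in defaults.
ciscoasa# write erase
ciscoasa# reload

! Path 2: the enable password in the imported config is unknown.
! From the rommon prompt (Esc during boot), set the config register so the
! startup config is ignored on the next boot, then boot the image.
rommon #0> confreg 0x41
rommon #1> boot

! The ASA now starts with no startup config applied and a blank enable password.
! Restore the normal config register first so later reloads read startup-config.
ciscoasa> enable
Password:
ciscoasa# configure terminal
ciscoasa(config)# config-register 0x1
! Either discard the broken config outright ...
ciscoasa(config)# configure factory-default
! ... or, instead of the line above, load it to repair it by hand:
!   ciscoasa# copy startup-config running-config
ciscoasa(config)# write memory
ciscoasa(config)# reload
```

`configure factory-default` writes the default config (inside interface 192.168.1.1/24 with DHCP and ASDM enabled) before `write memory`, so the box is reachable by ASDM right after the reload; `write erase` leaves it with no interface configuration at all, so console access is needed to continue. The ROMMON path is the standard Cisco password-recovery procedure, which means anyone with console access can take over the firewall; keep the console port in a locked rack, and consider `no service password-recovery` on a box you would never need to recover this way.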
Take the config file you have (the one that trashed it). Open it in Notepad or some other good text editor and carefully and correctly edit it so that it reflects the correct config for the ASA you are going to use it on, then import it through the console port.

I can't help with specific command syntax; I don't personally work with any Cisco products (I'm all HP ProCurve). I could do it by "looking stuff up" before I worked on one, but I'm not going to know the details off the top of my head. I only ended up in this thread because the question was cross-posted to other non-Cisco zones.

You may have to call Cisco Support if you get in over your head.
mwwebb (ASKER)

Sweet, thanks anyway pwindell. I'm going to reach out to Cisco and have them help me. Where I'm at, the commands are limited and there isn't much on the net I can readily find about these limited commands.