Solved

Link two networks over WAN

Posted on 2011-10-18
Last Modified: 2013-11-19
Currently we have one site with one Windows domain. My company acquired a second site and they want to be able to have client computers from Site A be able to access a server at Site B. How should I go about setting this up? We have Cisco ASA 5510 firewalls at both locations. Would a site-to-site VPN take care of this?

The servers in my second site, should they be part of the domain at Site A? I'm looking for the best configuration to make transfer of data most efficient between sites. Should I have a second domain at Site B and create trusts between the two domains?
Question by:mwwebb
11 Comments
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 2000 total points
ID: 36987233
Yes, a site-to-site VPN is what you want.

As to the server question, that's up to you.  Generally, if you want to centralize administration of the remote network, you'd want them to belong to your domain.  If there's a reason they need to have an independent network or their own domain, you can set up a trust.
0
 

Author Comment

by:mwwebb
ID: 36987297
I'd prefer Site B to just be mostly member servers of the domain at Site A. I'd also like one of the servers at Site B to be a DC and have Active Directory replicate to Site B for redundancy.

So, per your answer, I could do a site-to-site VPN to link the sites together (would a VLAN work here at all?). Site B would be the same domain as Site A, and Site B would pull its IP addresses from a DHCP server at Site A. Once set up, servers at Site B would easily be found across the network.

That sound right?
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 36987390
A VLAN isn't appropriate here.  There are two separate networks, so traffic is being routed.

Set up a site in AD Sites and Services to reflect the new network.  Set up a DC on the remote network, let AD replicate, add the member servers to the domain and you should be all set.
0
 

Author Comment

by:mwwebb
ID: 36988591
What about DHCP servers? Should the DC in Site B have a DHCP server of its own, or should we follow the standards and have one DHCP server per network, meaning the DHCP server at Site A would be the only DHCP server between both Site A and Site B? All computers at Site B would be getting their IP addresses from the DHCP server at Site A?

PS: I plan to accept your solution, but want to test it first to see it working.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 36988767
I'd put DHCP servers (and DNS servers) at each site.  That way, if the link goes down, they can keep doing some work.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 36996265
Paul is 100% on the money here, so if it doesn't work it would have to be that you did something wrong when implementing it. So I vote for giving him the points.

The most common thing people do wrong is the routing, but since you are using the same firewalls for the VPN that you are already using as the default gateway for the LANs, the routing would be automatic with nothing else extra to do. Now ASAs can be a bit complex with the VPN ACLs, so make sure you get that right.
0
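As an added illustration of the point pwindell makes about the VPN ACLs (this is not configuration from either poster or from the thread), below is a minimal ASA 8.2-style site-to-site IPsec configuration for the two sites. The crypto ACL that selects "interesting" traffic must be an exact mirror image on the two firewalls, and the same networks must be exempted from NAT, or the tunnel will negotiate but traffic will not flow. All addresses (10.1.0.0/24 for Site A, 10.2.0.0/24 for Site B, 203.0.113.1 and 198.51.100.1 as the outside peer addresses), the ACL and crypto map names, and the pre-shared key are assumed placeholders; pre-8.3 NAT syntax is assumed because that is what a 2011-era 5510 would most likely be running, and later releases use object-based NAT and `crypto ikev1` keywords instead.

```cisco
! ===== Site A ASA (inside 10.1.0.0/24, outside 203.0.113.1) =====
! Crypto ACL: local network -> remote network. Its mirror image goes on Site B.
access-list VPN_A_TO_B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
! NAT exemption for the same pair of networks (pre-8.3 syntax); without this
! the ASA would PAT the traffic and it would no longer match the crypto ACL.
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
! IKE phase 1 (policy must match the peer's)
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
! IKE phase 2 (transform set must match the peer's)
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_A_TO_B
crypto map OUTSIDE_MAP 10 set peer 198.51.100.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
! Peer definition; the key is a placeholder and must be identical on Site B
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key REPLACE_WITH_LONG_RANDOM_SECRET

! ===== Site B ASA (inside 10.2.0.0/24, outside 198.51.100.1) =====
! Everything below is the mirror image of Site A: source and destination swapped,
! peer address swapped, same policy, transform set and pre-shared key.
access-list VPN_B_TO_A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_B_TO_A
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key REPLACE_WITH_LONG_RANDOM_SECRET
```

Because each ASA is already the default gateway for its LAN, as pwindell notes, no extra internal routes are needed: a packet from 10.1.0.0/24 to 10.2.0.0/24 reaches the Site A ASA, matches the crypto ACL and is encrypted towards the peer. After applying the configuration, `show crypto isakmp sa` should show the phase 1 SA in state MM_ACTIVE and `show crypto ipsec sa` should show encaps/decaps counters rising on both sides when a host at Site A pings a host at Site B; a tunnel that forms but passes no traffic usually means the crypto ACL or the NAT exemption is not mirrored correctly.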
 

Author Comment

by:mwwebb
ID: 36999456
Yeah, I plan to give the points to Paul. We had an issue with the ASA when updating the ASA and ASDM software. We transferred configs from the original box to the secondary and something crashed. Now we can't get the ASA to load. I can only connect to the box via the console port, and my command line functions are limited. It shows errors on boot, but I'm not sure how to fix that yet. We're opening a case with Cisco.

Once we get this setup in place, I'm going to create the server environment for this facility and test it. Once I can verify it works I'll distribute the points.

Thanks a ton, guys. I'll keep you updated.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37000095
You can't re-use the config from one and transfer it to the other; each is uniquely configured, so trashing it is exactly what I would have expected. You'll probably have to wipe the config clean and start over from scratch on that ASA unless you have a backup of the original config to go back to.

I'm not concerned with points; I have a stack of unopened t-shirts so high that if it falls over it might hurt someone. Just give them to Paul.
0
 

Author Comment

by:mwwebb
ID: 37000294
Hahaha, that's funny about your t-shirts.

That's exactly what happened with our ASA. How do I reset to factory default? I've looked up command lines and found this:

configure factory-default [ip_address [mask]]

However, where the ASA is at right now, this won't run. I get:

ERROR: % Invalid input detected at '^' marker.   (and the ^ is pointing to the "o" in configure)

If I type "?" at the ciscoasa> prompt I get:
clear
enable
exit
help
login
logout
no
ping
quit
show
traceroute

and that's it. I notice this is a limited list of commands compared to the list I'd get when the ASA image was running successfully.

If on boot I hit Escape to interrupt the boot, I wind up at the
rommon #0> prompt

where there seem to be a lot more commands available, but none of them are the configure command or the revert command. The hardware reset button on the back of the device doesn't reset anything either.

So that's where I'm stuck right now.

If I do a show disk0:, I can see that it has the ASA and ASDM boot images still there. I also see the startup-config.cfg file, and I'm starting to think that if I can delete this file, that will allow me to boot a clean, blank ASA image.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37000353
Take the config file you have (the one that trashed it). Open it in Notepad or some other good text editor and carefully and correctly edit it so that it reflects the correct config for the ASA you are going to use it on, then import it through the console port.

I can't help with specific command syntax; I don't personally work with any Cisco products (I'm all HP ProCurve). I could do it by "looking stuff up" before I worked on one, but I'm not going to know the details off the top of my head. I only ended up in this thread because the question was cross-posted to other non-Cisco Zones.

You may have to call Cisco Support if you get in over your head.
0
 

Author Comment

by:mwwebb
ID: 37000399
Sweet, thanks anyway pwindell. I'm going to reach out to Cisco and have them help me. Where I'm at, the commands are limited and there isn't much on the net I can readily find about these limited commands.
0