Solved

AD sites connection subnet question

Posted on 2013-12-18
Last Modified: 2013-12-23
Hi
I set up an Active Directory with 2 domain controllers. Each is within a physically separated network with one public IP behind a firewall. If I open a VPN tunnel on one server, the replication works. But I want to make the replication work without a manual VPN connection (although now it's a task, a user session is still necessary). The plan is to implement a direct server connection, for instance by using IPsec. Therefore, I created two AD sites and, as far as I understand, I put the public IP of one network in the IP address field of the "add subnet" wizard. Is this correct? What subnet mask do I need to add, /0? I would then configure port forwarding to the internal server address on the firewall?

Is this concept going to work, or would it be easier to set up a VPN tunnel between the networks and use different IP ranges? This would use new routers.

Thanks in advance for any help!
Question by: KellerIT
3 Comments
 
Assisted Solution by Mahesh (LVL 37), earned 130 total points, ID: 39728425
Not sure if you are referring to AD sites and subnets?
If that's the case, adding a public IP to AD Sites and Services is not required.

All you need to do is create a site-to-site VPN tunnel between both sites and replicate the DCs over the internet through the VPN tunnel.
http://computer.howstuffworks.com/vpn4.htm

Mahesh
 
Assisted Solution by Zenvenky (LVL 9), earned 130 total points, ID: 39728719
Instead of doing it the hard way, I would suggest you configure site-to-site VPN tunneling, which will take care of AD replication and DC communication. Before you proceed to do anything, just ping one DC from the other; if it resolves the IP to name and name to IP, then it's good. If not, then go ahead and configure site-to-site tunneling in the VPN. To do so, refer to your VPN configuration documents.
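The pre-flight check the answer above describes, written out as an added example (not code from the thread or from any of its authors). It assumes hypothetical names: it runs on DC1, the partner DC is dc2.corp.example at 10.2.0.10, and a site-to-site tunnel already routes to it. Ping alone is a weak test because ICMP is often allowed where the RPC, LDAP and SMB ports are filtered, so the script checks forward and reverse DNS, the fixed TCP ports a DC-to-DC conversation needs, and finally a real DRS bind with repadmin, which is the only probe that exercises the dynamic RPC port replication actually uses.

```powershell
# Added example, not part of the original thread. Assumed (hypothetical) names: this runs on DC1,
# the partner DC is dc2.corp.example at 10.2.0.10, and a site-to-site tunnel already routes there.
$partnerName = 'dc2.corp.example'
$partnerIp   = '10.2.0.10'

# 1. Name -> IP and IP -> name, as the answer suggests, but read from DNS records rather than ping output.
$forward = Resolve-DnsName -Name $partnerName -Type A   -ErrorAction SilentlyContinue
$reverse = Resolve-DnsName -Name $partnerIp   -Type PTR -ErrorAction SilentlyContinue
$forwardOk = [bool]$forward -and ($forward.IPAddress -contains $partnerIp)
$reverseOk = [bool]$reverse -and (($reverse.NameHost -replace '\.$', '') -ieq $partnerName)

# 2. ICMP can be allowed while the real ports are filtered; probe the fixed TCP ports a DC-to-DC
#    conversation needs (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, kpasswd, LDAPS, global catalog).
$ports = 53, 88, 135, 389, 445, 464, 636, 3268, 3269
$portResults = foreach ($port in $ports) {
    $probe = Test-NetConnection -ComputerName $partnerIp -Port $port -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $port; Open = $probe.TcpTestSucceeded }
}

# 3. Replication runs over RPC on a dynamic port handed out by the endpoint mapper, so a fixed-port
#    probe cannot prove it. repadmin /bind performs a real DRS bind against the partner.
$null = & repadmin /bind $partnerName 2>&1
$bindOk = ($LASTEXITCODE -eq 0)

$summary = [pscustomobject]@{
    ForwardLookup = $forwardOk
    ReverseLookup = $reverseOk
    AllPortsOpen  = -not ($portResults.Open -contains $false)
    DrsBind       = $bindOk
}
$portResults | Format-Table -AutoSize
$summary
if (-not ($summary.ForwardLookup -and $summary.ReverseLookup -and $summary.AllPortsOpen -and $summary.DrsBind)) {
    Write-Warning 'Fix name resolution or the tunnel before creating sites and subnets.'
}
```

Every probe targets the partner's private address through the tunnel. The alternative raised in the question, forwarding these ports from a public IP to the DC, would expose the endpoint mapper, LDAP and SMB of a domain controller to the internet, so the tunnel is the right place for this traffic regardless of how the sites are modelled.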
 
Accepted Solution by Will Szymkowski (LVL 53), earned 240 total points, ID: 39729234
AD Sites and Services is merely a logical representation of how DC replication is managed (manually or by the KCC). If you did not set up AD Sites and Services, your AD authentication would work, but it would not be consistent. Sites and Services works by creating logical sites for DCs and also provides users a way to authenticate to an appropriate domain controller that is in the same site, which provides efficiency.

Sites and Services wants the internal IP subnet for each logical site you have in Active Directory. Regardless of how you connect your sites physically (VPN/MPLS/direct connection/etc.), Sites and Services does not care. That being said, you just need to have a physical connection, and then you can associate the IP subnets in Sites and Services.

Will.
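The configuration the accepted answer describes, as an added example (not code from the thread or from its author). It assumes hypothetical names: forest corp.example, DC1 at 10.1.0.10 in an office on 10.1.0.0/24, DC2 at 10.2.0.10 on 10.2.0.0/24, and a tunnel already routing between the two private ranges. The subnet objects carry each office's internal range, which is the point of the answer: the firewall's public address is not a subnet a DC or client lives in, and a /0 subnet would match every address in the world. The script also verifies that each DC's address falls inside some subnet object, because a DC or client outside every subnet cannot be mapped to a site.

```powershell
# Added example, not part of the original thread. Assumed (hypothetical) names: forest corp.example,
# DC1 at 10.1.0.10 in office network 10.1.0.0/24, DC2 at 10.2.0.10 in 10.2.0.0/24, and a tunnel
# already routing between the two private ranges. Run as a Domain Admin with RSAT installed.
Import-Module ActiveDirectory

# Site name -> the office's INTERNAL range. Not the firewall's public address, and never /0.
$sites = @{
    'Site-A' = '10.1.0.0/24'
    'Site-B' = '10.2.0.0/24'
}

foreach ($site in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    $cidr = $sites[$site]
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
        New-ADReplicationSubnet -Name $cidr -Site $site
    }
}

# One IP site link joins the two sites; 15 minutes is the smallest inter-site schedule.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'Site-A-Site-B'")) {
    New-ADReplicationSiteLink -Name 'Site-A-Site-B' -SitesIncluded 'Site-A', 'Site-B' `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}
# Bit 0x1 of the siteLink 'options' attribute enables change notification, so urgent changes
# are pushed immediately instead of waiting for the schedule.
Set-ADReplicationSiteLink -Identity 'Site-A-Site-B' -Replace @{ options = 1 }

# Move each DC out of Default-First-Site-Name into its own site.
Move-ADDirectoryServer -Identity 'DC1' -Site 'Site-A'
Move-ADDirectoryServer -Identity 'DC2' -Site 'Site-B'

# Check: an address that is in no subnet object cannot be associated with any site.
function ConvertTo-IPv4Integer([string]$Address) {
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    return ([uint64]$b[0] * 16777216) + ([uint64]$b[1] * 65536) + ([uint64]$b[2] * 256) + [uint64]$b[3]
}
function Test-IPv4InCidr([string]$Address, [string]$Cidr) {
    $network, $prefix = $Cidr -split '/'
    $block = [math]::Pow(2, 32 - [int]$prefix)   # number of addresses covered by this prefix length
    $addrBlock = [math]::Floor((ConvertTo-IPv4Integer $Address) / $block)
    $netBlock  = [math]::Floor((ConvertTo-IPv4Integer $network) / $block)
    return ($addrBlock -eq $netBlock)
}

$subnets = Get-ADReplicationSubnet -Filter * | Where-Object { $_.Name -match '^\d+\.\d+\.\d+\.\d+/\d+$' }
foreach ($dc in Get-ADDomainController -Filter *) {
    $match = $subnets | Where-Object { Test-IPv4InCidr $dc.IPv4Address $_.Name } | Select-Object -First 1
    [pscustomobject]@{
        DC     = $dc.HostName
        IPv4   = $dc.IPv4Address
        Site   = $dc.Site
        Subnet = if ($match) { $match.Name } else { 'NONE - add a subnet object for this range' }
    }
}

# Let the KCC rebuild the topology now and show the inter-site replication result.
repadmin /kcc
repadmin /replsummary
```

The subnet check is the part worth keeping around: it is exactly the test that would have flagged the /0 idea from the question, since a /0 object places every DC in whichever site it is attached to, and it catches the more common case where an office's range was never added at all and its DC quietly sits in Default-First-Site-Name.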



