svillardi
asked on
Move RRAS from SBS 2003 to Windows 2008 R2
Hi Experts,
I am separating the major functions of an SBS 2003 server into a Win 2008 R2 server and an Exchange 2010 server. I am looking for guidelines/best practices for moving RRAS used for VPN access.
I've created a new domain controller as a start. Everything is sitting behind a Cisco 5510 router/firewall, with rules pointing to the old server.
Here are my questions:
Is it OK to move the VPN to the new DC or is that not recommended? Should it be on another server instead?
Is there a simple way of moving the settings to a new server? I saw some PowerShell stuff but it seemed easier to do it manually (according to YouTube...lol)
How can I test the new settings without changing the firewall rules to port forward to the new server? I want to make sure everything is working properly and not impact the users. Can I change the PPTP port on the new server and forward the PPTP request to the new server? If so, how do I change the setting on the client port?
How would you suggest migrating the remote user settings to use the new server? I can't use a DNS alias because Exchange traffic comes over the same host.
Thanks for the assistance.
S.....
Two overarching comments.
1. Moving today to Server 2008 is already obsolete. Is there a reason why you cannot use Server 2012 R2?
2. VPN is BEST done with hardware VPN. Put in a Cisco or Juniper VPN box and divorce entirely from your servers. It just works better that way (in my experience with clients).
ASKER
So, even for testing, I cannot change the port on the receiving server, create a new port forward setting for the request to point to the new server and then somehow set up a client to use that vpn.serveraddress.com:port number?
I can't do this without a way to test. I only have one IP.
How many users? Put in a VPN box for your one IP first, move the users, and then upgrade the Server.
ASKER
We aren't licensed for 2012 servers.
We are running a Cisco 5510 and I could set up AnyConnect, but getting this out to the users won't be easy. At least I could test it easily... But I don't know what licensing is there either.
This is a small business with non-technical users. Trying to keep things as easy as possible for them.
ASKER
60 users about.
ASKER
But maybe a max of 10 at a time?
I am not a big fan of server RRAS. I prefer hardware VPN and you can easily do it for 25 users at a time.
However, that is just the way my clients have been doing this for a long time.
I'd use the Cisco as your gateway and leave RRAS off an SBS2011 server, leave the DNS on the SBS, and just skip the extra load and complication. Basically what John said.
Your ASA should already have the port exceptions for the old server.
ASKER
DNS and DHCP have already been moved to the new DC.
Should be able to just change the scope option for gateway in the DHCP server to the ASA and be up and running. You'll have to tweak the port exceptions, and the VPN stuff, but should be pretty minor changes.
I would transfer those few settings required for RRAS manually.
You cannot change the PPTP port, it is fixed. So you will have a hard time testing with public IP. You do not have more than one public IP available? That would make it easy, as you can separate services that way.
If you cannot use different public IP addresses, you'll have to switch all users at once. Otherwise you can change the IP address on the client side one by one.