Adding branch site to existing domain

Slider_ict
We have one forest, one domain, at a single location. Cisco ASA 5550 with one WAN, one LAN and one VoIP interface. The main site is at 10.0.0.0/24 under AD, VoIP is at 10.0.10.0/24 and the firewall handles DHCP.

Need to add a colocation, with no more than 10 hosts. The new location is connected to the existing site over a MetroE line (50MB); no IPs were given, so I am assuming we can assign whatever at each end to make it work.
Also I have one WAN connection at the new site.

I have two SG350XG-2F10 12-Port 10G Stackable Managed Switches and one Fortigate 100E firewall.

I would like to keep it one LAN, single site, as I don't expect more sites or more hosts in the near future.

What is the best way to accomplish this?

Connect the Fortigate to the ASA over the MetroE line, or use the switches, or ?

Do we need to create a tunnel and encrypt?

Thanks
Brian B, EE Topic Advisor, Independent Technology Professional

Commented:
You would probably be better off creating a second subnet and vlan to cut down on traffic coming over the WAN. Set up a VPN link between the firewalls for security. Put in a domain controller (two is better) at the remote site.

Author

Commented:
I am not that tech savvy, but I can understand and implement, so what you are saying is:

attach the Fortigate at the new location to one end of the MetroE, say the WAN2 port
attach the other end of the MetroE to one of the empty ports on the Cisco ASA, call it the datacenter port

then assign 192.168.3.1 to datacenter and 192.168.3.2 to WAN2

create an IPSec tunnel,

Create a new site and subnet in the main office's domain controller

Existing subnet is 10.0.0.0/24, new subnet is 10.0.1.0/24

Then define routing both at the Cisco and the Fortigate?

Or do I have it all wrong?
Jeff Glover, Sr. Systems Administrator

Commented:
If you are only going to have about 10 hosts and no DC at this new location, then for AD you just need to add the subnet to AD Sites and Services under your default site name (you should see the current subnet there already). You don't need a new site unless a DC is going there. If you want to add a DC there, then you will need a site for it. For the rest, a VPN will let you route between offices.
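Both paths Jeff describes (subnet only under the existing site, or a new site when a DC goes to the branch) can be done from the ActiveDirectory PowerShell module. This is an added example, not code from the thread: it uses the 10.0.1.0/24 branch subnet proposed above, and the site name `Default-First-Site-Name`, the branch site name `Colocation`, the site link `DEFAULTIPSITELINK` and the replication interval are assumptions to adjust for your forest.

```powershell
# Added example; assumes RSAT ActiveDirectory module and rights to edit Sites and Services.
Import-Module ActiveDirectory

$BranchSubnet = '10.0.1.0/24'               # branch subnet proposed in the thread
$HqSite       = 'Default-First-Site-Name'   # assumption: name of the existing site
$BranchSite   = 'Colocation'                # assumption: only used if a DC goes there
$PlaceDcAtBranch = $false                   # set $true when a DC will be at the branch

if (-not $PlaceDcAtBranch) {
    # Option A (no DC at the branch): register the subnet under the existing site so
    # clients at the colocation still locate the HQ domain controllers.
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$BranchSubnet'")) {
        New-ADReplicationSubnet -Name $BranchSubnet -Site $HqSite -Location 'Colocation'
    }
}
else {
    # Option B (DC at the branch): a separate site, joined to HQ over the MetroE link,
    # and the subnet mapped to that site so branch clients prefer the local DC.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$BranchSite'")) {
        New-ADReplicationSite -Name $BranchSite
    }
    # Reuses the default IP site link; interval is an assumption.
    Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
        -SitesIncluded @{Add = $BranchSite} -ReplicationFrequencyInMinutes 15
    if (Get-ADReplicationSubnet -Filter "Name -eq '$BranchSubnet'") {
        Set-ADReplicationSubnet -Identity $BranchSubnet -Site $BranchSite
    }
    else {
        New-ADReplicationSubnet -Name $BranchSubnet -Site $BranchSite -Location 'Colocation'
    }
}

# Check: every defined subnet should map to the site you intended; an unmapped
# subnet shows up in DC event logs as clients with no site, which is the usual
# symptom of forgetting this step.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site | Format-Table -AutoSize
```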
