VWAN - Best practice

Status
Not open for further replies.

gstar1703

IS-IT--Management
Apr 7, 2005
138
GB
Hi,

We need to allow 30 XP workstations from another company (merged) to log onto our 2003 AD domain. I already have a 2MB leased line into the office where the server is based & am installing another in the remote office. I will have Site to Site VPN also set up, but wondered if anyone could offer me advice or links to information on how exactly the remote users would log on to our domain across the VPN when they first boot the PC. Presumably the PCs will be looking for the DHCP server which will be at the other end of the VPN, so I guess I would have to force all traffic through that channel??

Any clarification appreciated

G
 
We actually have a similar setup except we put a local server in the remote office to do the authentication process at the login. Then for data/exchange access, users either use their local apps or use RDP to connect to the server at HQ. Both servers are linked through a hardware VPN (Cisco Pix). There's also replication between the two servers. However, in our case HQ only has servers (no actual workstations) so DHCP is disabled. All DHCP is done on the local server.
 
Hi akwong & thanx for the reply -
In your example, I take it your networks are on different subnets & you have 1 AD server at each end of the VPN? Do you then create a trust relationship between the 2 domains?

Do you know if it's possible to force all remote clients to log on to our AD server via VPN? What are the pros/cons of having a logon server remotely?

Cheers
G
 
A DHCP request is done at network layer 2 which is not routable, so I don't think that you will be able to force the DHCP request to be made from your remote site to your HQ server. You could set up your local router at the remote site to serve as a DHCP server and make the traffic routable.
This way you will be able to route all traffic through your VPN tunnel and make your clients authenticate against your HQ AD server.

/Tommy
 
Thanx for your response -
If I understand correctly, I will need some kind of device remotely to authenticate users and assign IP addresses? If I have another 2003 server down there to achieve this, how easy is it to "replicate" users, computers, OUs, or is it more suitable to create a new remote domain with a different subnet, create a trust between domains then fire traffic over the VPN that way?

Sorry for all the questions, just wanna get it right first time round..

Thanx
G
 
You just need a device to assign IP addresses. Then you will be able to route traffic to your HQ. I'd prefer to have a separate server assigned to the site, but you could just make it an AD member server. Then the replication will run automatically.

/Tommy
 