1 domain, 2 sites, 1 T-1, internal natting...

circuit

Howdy everyone,

Current situation:
1 MS Win2003 domain. Most users are in HQ, which houses the Citrix server
utilized by users in location2.
Citrix users in location2: the Citrix users' client PCs belong to a
workgroup, not the domain (due to WAN speed), therefore they access network
resources via Citrix only.

Dumb question (at least I think so, I am having difficulty with this
one):
If HQ client machines are 192.168.1.x, and the default GW for
HQ is 192.168.1.2 (long story why),
and location2 machines are 192.168.2.x and the default GW is 192.168.2.2:

Would it be a stupid idea to change the location2 client machines to
the same network (192.168.1.x) and add them to the domain managed by
hq?

I have a point-to-point T-1 with managed routers at both ends.

The primary issue, among many, is that I wanted to create a partially
wireless solution in location 2, and per Linksys, whether you have a
WAP and/or a wireless router, changing the IP of the wireless device to
a .2 never works, and it loses connection. Also I want to make sure
that if I change location 2 to the same network (168.1.x), apps,
logging in, etc. over the WAN, all of the above, wouldn't be slower
than molasses...

Finally, in terms of scalability, if we get a 3rd site, a) would it be a
good recommendation to have a server at each site communicating via the T-1
to the headquarters site (either for DHCP relay, or application
replication, etc.)? b) Is it possible to set it up as 192.168.3.x, and
how would this affect wireless authentication at that site?

Thanks for the help in advance, this has been driving me bonkers.. I
know this is a long description but the more info in the initial
description, the better :-)
 
circuit wrote:

That's a lot of ifs! See inline:

> Howdy everyone,
>
> Current situation:
> 1 MS Win2003 domain. Most users are in HQ, which houses the Citrix server
> utilized by users in location2.
> Citrix users in location2: the Citrix users' client PCs belong to a
> workgroup, not the domain (due to WAN speed), therefore they access network
> resources via Citrix only.
>
> Dumb question (at least I think so, I am having difficulty with this
> one):
> If HQ client machines are 192.168.1.x, and the default GW for
> HQ is 192.168.1.2 (long story why),
> and location2 machines are 192.168.2.x and the default GW is 192.168.2.2:
>
> Would it be a stupid idea to change the location2 client machines to
> the same network (192.168.1.x) and add them to the domain managed by
> HQ?

First of all, most T-1 connections are routed, so they must be on
different networks. Secondly, you don't need to be on the same subnet to
join them to the domain, you just need to have the clients using the DNS
server for the domain (WINS too if you need to browse the networks).

> I have a point-to-point T-1 with managed routers at both ends.
>
> The primary issue, among many, is that I wanted to create a partially
> wireless solution in location 2, and per Linksys, whether you have a
> WAP and/or a wireless router, changing the IP of the wireless device to
> a .2 never works, and it loses connection.

Are you sure about this? There's no good reason why that wouldn't work.
If it's a WAP, it doesn't even need an IP address except to manage it if
you have another router. It just acts as a bridge between the wired and
wireless sides.

> Also I want to make sure
> that if I change location 2 to the same network (168.1.x), apps,
> logging in, etc. over the WAN, all of the above, wouldn't be slower
> than molasses...

I'm not getting this one. It may be possible to bridge across the WAN
depending on equipment, but either way, 1.5 megabits is 1/67 the speed
of most LANs. Routed or bridged, it will be slow.

> Finally, in terms of scalability, if we get a 3rd site, a) would it be a
> good recommendation to have a server at each site communicating via the T-1
> to the headquarters site (either for DHCP relay, or application
> replication, etc.)? b) Is it possible to set it up as 192.168.3.x, and
> how would this affect wireless authentication at that site?

Any network number will work as long as it's different from the other
sites. Whether or not you need a server at each site depends on what you
mean by server and what services the server is providing. It also
depends on a whole lot of other things like how many computers/users at
the remote site, how much data will need to move across the WAN, etc.

> Thanks for the help in advance, this has been driving me bonkers.. I
> know this is a long description but the more info in the initial
> description, the better :-)

A few notes, observations.

1) If thin client (terminal services) is working, there's no need to
have the remote clients members of the domain unless you need to apply
group policy or other domain level stuff.

2) RDP has built-in encryption and you don't need a T-1 or even a VPN
for security. You can run it directly over the Internet. Of course
you'll want to take steps to harden your terminal server. If you have a
firewall between the terminal server and the Internet and your remote
site has a static IP, you can reject all traffic except from your site.

3) If you have high-speed Internet available at each site, you can
usually do more for less. Here in Washington state where I live, I can
get DSL up to 8 Megabits for less than $100/month. A T-1 across town is
more than 3 times that and less than 1/5 the speed. A VPN appliance at
each end can be had for less than $300.

....kurt
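An added example (not from either poster) that encodes the two addressing rules kurt gives above: sites on a routed T-1 must use different subnets, and each site's default gateway must sit inside its own subnet. The site table is constructed from the thread's addresses; the third site and its gateway are assumptions for the scalability question.

```python
import ipaddress
from typing import Dict, List

# Constructed addressing plan: hq and location2 as described in the thread,
# plus a hypothetical third site on 192.168.3.x (gateway address assumed).
SITES: Dict[str, Dict[str, str]] = {
    "hq":        {"subnet": "192.168.1.0/24", "gateway": "192.168.1.2"},
    "location2": {"subnet": "192.168.2.0/24", "gateway": "192.168.2.2"},
    "site3":     {"subnet": "192.168.3.0/24", "gateway": "192.168.3.1"},
}


def check_plan(sites: Dict[str, Dict[str, str]]) -> List[str]:
    """Return a list of problems with the plan; an empty list means it is consistent.

    Two checks, both taken from the advice in the thread:
      1. every site's default gateway must be an address inside that site's subnet;
      2. no two sites may use overlapping subnets, because the T-1 is routed.
    """
    problems: List[str] = []
    nets = {name: ipaddress.ip_network(s["subnet"], strict=True)
            for name, s in sites.items()}

    for name, s in sites.items():
        gw = ipaddress.ip_address(s["gateway"])
        if gw not in nets[name]:
            problems.append(f"{name}: gateway {gw} is outside {nets[name]}")

    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap ({nets[a]} vs {nets[b]})")
    return problems


def merged_plan(sites: Dict[str, Dict[str, str]]) -> Dict[str, Dict[str, str]]:
    """The poster's proposal: move location2 onto hq's 192.168.1.x network."""
    plan = dict(sites)
    plan["location2"] = {"subnet": "192.168.1.0/24", "gateway": "192.168.1.2"}
    return plan


if __name__ == "__main__":
    print("current plan:", check_plan(SITES) or "OK")
    print("merged plan: ", check_plan(merged_plan(SITES)))
```

Running it reports the current three-subnet plan as consistent and flags the proposed merge as an overlap between hq and location2, which is exactly why the routed link rules it out.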
 