Connect to DC via internet

[morne]

Hi, does anyone know how I can join a win2k3 dc to
another win2k3 dc via the internet? Both dc's on the
internet have firewall's and I don't want to setup a vpn.

thanks in advance

 

[David Cross [MS]]

without a VPN you would need to open a lot of ports. are you sure you want
to open all the ports such as kerberos, ldap, rpc, dns, etc?

 

[Steven L Umbach]

I agree with Dave's comment, however here is a link that may help if you
really want to go that route. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;179442
http://support.microsoft.com/?id=154596

 

[Morne]

Hi, thanks for the prompt reply and the information. I am
not sure on how to configure the vpn for this type of
network. Does the vpn config not demand an physical
interface of it's own? I have only one interface on each
server and this interface will be disabled as soon as I
create the vpn connection. True or false?

 

[Steven L Umbach]

It depends. Generally a W2K vpn server is connected to the internet with one nic, and
another nic connected to the internal lan. However if you are using nat/pat at the
router then you can forward vpn ports/protocols to an internal address vpn server -
typically port 1723 and protocol 47 since l2tp can not use normal nat. The domain
controllers do not have to be vpn servers themselves [and not recommended anyhow] and
would access each other through the vpn. A better solution if possible would be to
use ipsec vpn tunneling, but your routers facing the internet would need to support
it. If you are interested in such a setup, I would recommend that you post specifics
on the win2000.active_directory newsgroup as you might need to configure sites,
c. --- Steve