How to connect 2 domains

  • Thread starter Thread starter Jason Cochrane
  • Start date Start date
J

Jason Cochrane

I have two servers on different domains. Each server is in a different
bulding. The buildings are 10 miles apart from each other. One server
connects to the internet thru a T-1 line, but is behind the router. The
router is using NAT. The second server connects to the internet via a DSL
line and is located on the private side of the network. The DSL router is
also using NAT.

With this setup, is it possible to join the two domains into one, or to
where each domain could be accessed from either location by changing the
domain at login?

Thanks for any suggestions..

Jason
 
Jason Cochrane said:
I have two servers on different domains. Each server is in a different
bulding. The buildings are 10 miles apart from each other. One server
connects to the internet thru a T-1 line, but is behind the router. The
router is using NAT. The second server connects to the internet via a DSL
line and is located on the private side of the network. The DSL router is
also using NAT.

With this setup, is it possible to join the two domains into one, or to
where each domain could be accessed from either location by changing the
domain at login?

Thanks for any suggestions..

Jason
Click to expand...

No, you can't join 2 domains into one without dismantling and you can't
alternatively login to one domain or the other. Thats why trust
relationships exist. A trust relationship permits a trusted domain the right
to authenticate clients on behalf of a trusting domain. Clients can then
cross the trust using global group membership to access resources.

First, you need to consider your options as far as connectivity between
domains is concerned and determine what traffic you can expect and support.
If you wish to connect accross internet while NAT is running, i'ld suggest
L2TP with IPSec. There is an update available to support NAT as well.

L2TP/IPSec NAT-T Update for Windows XP and Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;818043

You need to analyze your network at both ends while you are
installing/testing a VPN solution. Keep in mind that a client's VPN
connection needs to resolve the namespace on the trusting domain's network.
Hence the importance of DNS servers at both ends.

To achieve success, you need to take a step by step process. Does ISP
support GRE packets? (can a VPN be achieved using your present
connections?). Is router or firewall blocking ports that you need for your
connection type?

Increasing Security on Windows 2000 VPN Server
http://support.microsoft.com/default.aspx?kbid=255784

Don't even think of setting up a VPN through internet without encryption.
Take a look at some of the new NICs that are available that include IPSec
security embedded processors onboard. They are dirt cheap and releave a lot
of stress off the CPUs on the VPN servers.

Lets start with some documentation to help you out:
http://www.microsoft.com/windows2000/technologies/communications/vpn/default
..asp
 
Back
Top