Point to point VPN setup question

  • Thread starter: Mike

Mike

Greetings,

We have OFFICE1 with an IP scheme of 192.168.0.x, mask of
255.255.255.0, with a WIN2K Server behind a firewall box
running RRAS for VPN access.

We have OFFICE2 with an IP scheme of 192.168.1.x, mask of
255.255.255.0, with a WIN2K Server running RRAS.

Currently I'm having the users in OFFICE2 VPN into OFFICE1
since that is where Exchange, SQL and the DC are. So each
user is an individual VPN client. It all works fine.

What I'd like to do is set up a point to point between the
two servers so that the users in OFFICE2 do not have to
use a VPN connectoid, they use the established tunnel
between the two servers.

My question is, is this possible, and if so should I
promote the server in OFFICE2 to a DC and use AD
replication so that the users can get authenticated
locally? Also, should DNS and WINS be set up there as well?

Finally, does anybody know of any documentation that
spells out clearly the best way to set this up that I
could obtain?

Thanks very much in advance,

Mike
 
There are really two separate things involved here. One is routing and
the other is Active Directory.

You can certainly arrange to use a routed VPN connection between the two
sites. (This is sometimes called router to router, site to site or even LAN
to LAN routing). Instead of having a client-server type VPN connection, the
two sites route across the VPN. All machines use their normal private IPs,
and the VPN link works like a (SLOW) IP router between the two subnets. W2K
RRAS can do this, but it can be a problem using DCs for this. I would look
at using dedicated routers for the VPN link. Prices for hardware VPN routers
are still falling.

How the two sites behave regarding Active Directory is defined in Active
Directory Sites and Services. You can have DCs in both sites, and AD Sites
and Services will control the amount of traffic crossing the link. For
instance it will direct clients to the local DC for login.

One WINS server should work fine, but you could have two replicating
across the link. For DNS, my personal choice would be to have a DNS server
in each site which hosts the local zone, with each server being a secondary
for the other (so that either server can resolve names locally for either
zone).
 