VPN and network Topology


James W. Long

Hi all

We have 3 DCs on the inside of a firewall,

I want to set up a vpn server but am not sure
if I should use one of the three or

a separate machine in the DMZ which is
a different domain name, and set up a trust
between the two domains.

I say this because I need to bring 135
offices in via VPN and was looking for
the best way to do it.

Also, are there hardware VPN
endpoint routers that will do the same thing
as a Win2k VPN server, or did I miss something there?

Thanks in advance
James W. Long
 
It is not recommended to install VPN on a DC. In this case, I would buy a
Cisco PIX to set up VPN. This is quoted from http://www.ChicagoTech.net.

Connection issues on DC, ISA, DNS and WINS server as VPN server

Symptom: If you have a Windows 2000/2003 server configured as a VPN server
and also running DNS and WINS, you may experience some connection issues:
1) the internal computers can't ping the server by name; 2) if the server is
a DC and Master Browser, you may have a computer browsing issue; 3) you may
receive Event ID: 4319 - A duplicate name has been detected on the TCP
network; 4) you may receive error messages like "No Logon Servers Available
to Service your Logon Request" when you try to open file shares or map
network drives to the Routing and Remote Access server; 5) if the server is
also a DC, you may not be able to log on to the domain; 6) if the server is
also running ISA, you cannot browse the Web from client computers on the
local network, regardless of whether the computers are configured to use Web
Proxy or the Microsoft Firewall Client. For example, "The page cannot be
displayed" may appear in the Web browser with a "cannot find server or DNS"
error message.

Cause: When a VPN client connects to the VPN server, the server creates a
PPP adapter to communicate with the remote computer. The server may then
register the IP address of this PPP adapter in the DNS or the WINS database.
When the internal computers try to connect to the IP address of the PPP
adapter, they cannot reach the PPP adapter, and the connections fail.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me unless you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
 
Dear Robert:
Thank you for that information.
If I were using a PIX 515E,
what sort of device could I put on the other end,
assuming I did not want the VPN client running
a software-based solution?

Will another VPN router at the client end work?

I see Linksys VPN routers etc... do they interface
into PIXes?

And that keeps the VPN tunnel off the local networks
in that model, I assume.

Thank you,
James W. Long
 