
Best option for connecting 2 locations

  • Best option for connecting 2 locations

    Just wondering what you guys think is the best way to connect 2 locations on the same domain with the equipment I've got:

    currently running 8 meg ADSL at both locations,
    Netgear Routers (I think they are 835's but can't honestly remember!)
    location 1 (L1) has main DC (01), running Win 2k3 SP1 stnd. Also has RRAS server.
    uses 192.168.174.x range
    location 2 (L2) has 2nd DC (02), running Win 2k3 R2 stnd.
    uses 192.168.176.x range

    Currently, DC02 connects via VPN to the RRAS at L1. No other PCs at L2 can see the network @ L1 and vice versa.

    So how would you guys set it up so everyone can see everyone? Is it a case of a VPN tunnel using the routers? Or is there a better option? I'm currently considering getting a dedicated SDSL line from both locations put in.
    James
    MCP

  • #2
    Re: Best option for connecting 2 locations

    Hi,

    You will need to configure a Windows 2003 box at each site to use Routing and Remote Access Services (RRAS) to establish a VPN tunnel using the more secure L2TP (Layer 2 Tunnel Protocol) and route TCP/IP traffic between the two sites.

    Are you familiar with using RRAS to establish VPN connections?
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
    boche.net - VMware Virtualization Evangelist
    My advice has no warranties. Follow at your own risk.



    • #3
      Re: Best option for connecting 2 locations

      L1 has a RRAS server setup (running 2k3 enterprise SP1), and L2 also has RRAS enabled on the server there (2k3 standard R2).

      I've never configured RRAS before.
      James
      MCP



      • #4
        Re: Best option for connecting 2 locations

        Just to update, I've managed to get that set up with the help of articles such as http://www.microsoft.com/technet/.........._ch14.mspx.

        However, although the servers see each other, the other PCs on the network at each end cannot see each other. As in PC1 at L1 cannot see PC2 at L2. What I ideally want is for all PCs at each end to be able to talk.
        James
        MCP



        • #5
          Re: Best option for connecting 2 locations

          Do the PCs have a route to the respective networks?

          Could you post a diagram of your setup, including all routers and the default gateways for clients.
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com



          • #6
            Re: Best option for connecting 2 locations

            Attached is a diagram I've had around for a while, from when I was showing a mate what I had planned about a year ago! Apologies for its simplicity. Not sure if it's what you meant either, really.

            It's a relatively straightforward setup, I think. Head Office is the L1 I mentioned in my first post, with the sub office as L2. DC01 @ L1 does all the main work, dealing with DHCP, DNS, AD etc. and DC02 @ L2 obviously does the same for those at L2.
            To keep the AD synchronised I would, up until now, periodically connect DC02 via a VPN connection to the RRAS at L1.
            The 2 routers are basic Netgear ADSL Modem Firewall Routers. These act as the default gateways to the local PCs, IPs being assigned via DHCP.

            As I've said, I managed to get a VPN tunnel set up via the 2 RRAS', following the guidance on the link in my previous post. As far as I can tell this only connects the 2 servers and there is no further routing set up for the remaining PCs/servers to see each other over the network. My RRAS knowledge is very limited. This is really my first dabble into it.

            I hope this info helps you understand my situation a bit more. All I want to be able to do is make all computers be able to see all others, on each side of the network.
            Attached Files
            James
            MCP



            • #7
              Re: Best option for connecting 2 locations

              I think it's what I suspected...

              You were able to establish a VPN tunnel between the two servers, right?
              Well then, for the other computers on the subnet to use that tunnel, they need to know that the respective servers are the path to the other network.

              The easiest way to fix this, IMO, is to add a static route to each of the Netgear routers.

              Head Office
              Route: 192.168.176.0
              Mask: 255.255.255.0 (use the same mask as the actual network uses)
              Gateway: {ip address of DC01}

              Sub Office
              Route: 192.168.174.0
              Mask: 255.255.255.0 (use the same mask as the actual network uses)
              Gateway: {ip address of DC02}

              Now this will only work if it's an actual Site to Site VPN. If you configured a Remote Access VPN, then it won't work.
              http://www.microsoft.com/technet/net...h14.mspx#ESMAC
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com



              • #8
                Re: Best option for connecting 2 locations

                Ah you see, now things are starting to make more sense....

                I'll give it a go and let you know.
                James
                MCP



                • #9
                  Re: Best option for connecting 2 locations

                  No joy, I'm afraid.

                  Just to confirm, the static route @ Head Office needs to have the DC01 IP address and not RRAS? Not that that's made any difference, I've tried both.
                  James
                  MCP



                  • #10
                    Re: Best option for connecting 2 locations

                    Originally posted by JeremyW
                    Now this will only work if it's an actual Site to Site VPN. If you configured a Remote Access VPN then it won't work.
                    http://www.microsoft.com/technet/net...h14.mspx#ESMAC
                    What kind of VPN connection is it? Did you click on the link I posted? (same as yours but it goes straight to the Site to Site configuration)

                    EDIT - I just looked at your diagram again and it looks like RRAS isn't installed on DC01. That means you've set up a Remote Access VPN. Look at how to set up the Site to Site VPN. Depending on what model your Netgear routers are, you might be able to use them to create the tunnel. Otherwise you'll need to install RRAS on DC01 and set up the Site to Site VPN (aka Demand Dial Routing).
                    Last edited by JeremyW; 18th April 2007, 19:58.
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com



                    • #11
                      Re: Best option for connecting 2 locations

                      The RRAS server at Head Office is a separate server to DC01, but I have set it up as a Site to Site VPN using Demand Dial Routing. It also works as a secondary Domain Controller for redundancy.

                      There is an option for using the routers as a VPN tunnel, but I wasn't sure how that would affect internet access? I would also personally prefer to use the RRAS to do it, as I'm learning something new here as well, but if it comes down to it I'll use the routers.
                      James
                      MCP



                      • #12
                        Re: Best option for connecting 2 locations

                        Originally posted by swfblade
                        The RRAS server at Head Office is a separate server to DC01, but I have set it up as a Site to Site VPN using Demand Dial Routing. It also works as a secondary Domain Controller for redundancy.
                        Sounds like a fine setup. Once you get the site to site tunnel working you'll still need to configure the static routes on the routers. Remember to point the gateways to the respective RRAS server.
                        Regards,
                        Jeremy

                        Network Consultant/Engineer
                        Baltimore - Washington area and beyond
                        www.gma-cpa.com
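
Added example, not part of any post in this thread: a small Python model of the next-hop lookup that posts #7 and #12 rely on, showing where a Head Office PC's traffic for 192.168.176.x goes with and without the static route on the Netgear. The device names (`pc1`, `netgear`, `rras`) and the next-hop labels are hypothetical stand-ins, because the thread gives no host addresses.

```python
import ipaddress

def route(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(devices, start, dst, max_hops=8):
    """Follow next hops from device to device; return the hops taken."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = route(devices[node], dst)
        path.append(hop)
        if hop not in devices:  # left the modelled LAN: tunnel, ISP or on-link
            break
        node = hop
    return path

def head_office(with_static_route):
    """Constructed routing tables for the Head Office LAN (192.168.174.0/24)."""
    netgear = [("192.168.174.0/24", "on-link"), ("0.0.0.0/0", "ISP")]
    if with_static_route:
        # The static route from post #7, pointed at the RRAS server (post #12).
        netgear.append(("192.168.176.0/24", "rras"))
    return {
        # A DHCP client only knows its own subnet and the default gateway.
        "pc1": [("192.168.174.0/24", "on-link"), ("0.0.0.0/0", "netgear")],
        "netgear": netgear,
        # The RRAS server holds the demand-dial route to the Sub Office subnet.
        "rras": [("192.168.174.0/24", "on-link"),
                 ("192.168.176.0/24", "vpn-tunnel"),
                 ("0.0.0.0/0", "netgear")],
    }

if __name__ == "__main__":
    remote_pc = "192.168.176.50"  # constructed Sub Office address
    for label, static in (("no static route", False), ("static route", True)):
        print(label, "->", " > ".join(trace(head_office(static), "pc1", remote_pc)))
    print("from rras ->", " > ".join(trace(head_office(False), "rras", remote_pc)))
```

Without the static route the packet follows the Netgear's default route to the ISP and never reaches the tunnel, while the RRAS server itself reaches the far subnet either way, which matches the "servers see each other, PCs don't" symptom from post #4.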



                        • #13
                          Re: Best option for connecting 2 locations

                          Cheers for the help anyway.

                          Anyone else have any ideas as to why it's not working?
                          James
                          MCP



                          • #14
                            Re: Best option for connecting 2 locations

                            Originally posted by swfblade
                            Cheers for the help anyway.

                            Anyone else have any ideas as to why it's not working?
                            Were you able to establish a site to site VPN connection?
                            Regards,
                            Jeremy

                            Network Consultant/Engineer
                            Baltimore - Washington area and beyond
                            www.gma-cpa.com



                            • #15
                              Re: Best option for connecting 2 locations

                              Yes I have...
                              Originally posted by swfblade
                              .... but I have set it up as a Site to Site VPN using Demand Dial Routing ....
                              ...but as I say each side can't see the other, even after setting the routers up.
                              James
                              MCP
