
Setting up a VPN between two offices - for dummies


DJR23 (IS-IT--Management), Sep 29, 2005
I'll explain what I'm trying to get to, that's probably the easiest start:

I've been asked by a local charity to help install a network at their new branch office.

The first office has one server which is the DC, Exchange Server and DHCP/DNS server for all computers there, and I'm trying to get the second office to have pretty much the same except a different domain but with the option to connect to the first. Still make sense? Good. I've managed to get to the point where I've created an IPsec VPN connection between the two, but the problem I've got is I'm not sure what IP setup I should be using. I've set up the first network using 10.10.1.1 for the server, 10.10.1.10 for the router and clients as 10.0.0.3-10.0.0.254. Should the second be similar? E.g. 10.11.1.1 for the server, 10.11.1.10 for the router and 10.11.0.3 for the clients.

Hardware used is two 3com OC VPN Firewall Routers.

Please please please help! If nothing else just to stop the nagging!


Dave
 
Dave,


The IP setup for the 2nd network should be anything except the same IP setup as the 1st network. I.e. if the 1st network is 10.10.1.1, the 2nd network should be anything but 10.10.1.1. It doesn't really matter what you set it up as. Keeping it similar is just convention, so that admins can easily keep track of their subnets.

Secondly, if you have 2 domains, you need to setup "Trusts" between the two domains, if you want the two networks to talk without any problems. It just works better this way.

Lastly, is the vpn tunnel working?

**Okay, have you tried rebooting the machine?**
 
Hey thanks for your help,

Well, I've set up the two networks as 10.0.0.0 and 12.0.0.0, both with a subnet mask of 255.0.0.0, so that shouldn't be a problem. I can ping from one side to the other so that seems to be fine as well.

I've got the first domain set up as peakslane.gcymca.org.uk and I'd like the other to be foyer.gcymca.org.uk, but I don't seem to be able to browse using Network Places as I would if I were connected at the same location. So when I come to create the second domain as a new domain in an existing forest, it comes back with an error saying it can't find the first!

Should I be using one DNS server across the entire network?

Thanks,


Dave
 
I would recommend one DNS server in each domain, just in case the connection drops. This would also reduce (in theory) some of the network traffic. Don't forget to get the domains to trust each other and to replicate their DNS.
 
why do you use 12.x.x.x? can't you use 10.1.x.x and 10.2.x.x?
 
I'm so nearly there it's killing me!

I'm using 10.x.x.x and 11.x.x.x because I've got that many different things running on the network with static IPs (like network cameras); it helps if I can use 10.1.x.x and 10.2.x.x etc.

I've now set up each server as its own DNS server and the two are transferring their own zones to the other one fine.

I've gone right through DCPROMO and when in the automated bit at the end it attempts to:

'replicate the schema directory partition'

It comes back with the error:

'A domain controller could not be found'

Even though it talks to the blasted thing throughout the rest of the process. Any ideas guys, I'll try anything now!

Thanks for your help,


Dave
 
I assume it will be looking for the other domain controller? Is the VPN running at the time of the error message? As this would make it difficult to see the other domain. Also does each domain have each other in their DNS settings? As in IP setting DNS server?
 
Yes, it goes through all processes and fails when it tries to start the replication process. The VPN is running throughout without any problems as far as I can see. I've set up each server as a DNS server and the different zones are being replicated to each. I've then tried setting up each server as a WINS server, again with each replicating to the other, but none of these has worked.

I'm not sure what I need to setup for this to work, and right now I'm willing to try just about anything!

Dave
 
Sorry, all I can suggest is to post on the server support part of the forum.
 
DJR23-

Here is a small template and order to start things. Let's first start with IP address schemes. If you have two locations and you don't foresee them going over 254 clients, then leave the private Class A address alone. You also cannot use the 12.0.0.0 address because that's a legal IP address and if you are connected to the internet, you will have all kinds of problems. They are way too big, and can create a subnet nightmare. With that said, here is what I suggest.

Location: peakslane.gcymca.org.uk
Network: 192.168.1.0 Subnet Mask: 255.255.255.0 CIDR: /24
Server: 192.168.1.10 Router: 192.168.1.1
Computers: 192.168.1.11 - 192.168.1.254

Location: foyer.gcymca.org.uk
Network: 192.168.2.0 Subnet Mask: 255.255.255.0 CIDR: /24
Server: 192.168.2.10 Router: 192.168.2.1
Computers: 192.168.2.11 - 192.168.2.254

Make sure on both servers in DHCP you exclude the ranges 1 - 10 so they will not be handed out.

Now that is established, I am assuming you already ran dcpromo and made a domain on each respective server. Make sure the DNS is set up on each as well. Now establish the tunnel between the two locations.

After the tunnel is established, go back to the DNS servers and add a secondary DNS server and point the secondary to each other's IP address on the other end of the tunnel. For example, if you are at the Foyer location, you would create a secondary Active Directory DNS server for the peakslane location. Once that is done, then you can force a synchronization between the two. At this point you should see both peakslane and foyer on each side with DNS entries. Without DNS this project fails. If you see both DNSs, then you can go ahead and create a trust between the two locations. Let me know if this works for you.

Frank
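As an added example that is not part of the thread, the following Python script checks a two-site addressing plan against the rules the replies give: each site network must be RFC 1918 private space, the two sites must not overlap (the tunnel cannot route between identical subnets), a site network should not be vastly larger than its host count needs, and the static router and server addresses must sit inside the site network but outside the DHCP range (Frank's "exclude 1 - 10"). The sample plans are constructed from the addresses quoted in the thread; the router, server and DHCP addresses for the 12.0.0.0/8 site were never stated and are assumed here, mirroring the first site. The `Site` class, `check_site` and `check_plan` are this example's own names.

```python
"""Sanity checks for a two-site VPN addressing plan (added example)."""
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges; anything outside these may collide with the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Site:
    name: str
    network: str      # e.g. "192.168.1.0/24"
    router: str
    server: str
    dhcp_first: str   # first address DHCP may hand out
    dhcp_last: str    # last address DHCP may hand out


def check_site(site: Site, expected_hosts: int = 254) -> list:
    """Return a list of problem strings for one site (empty when clean)."""
    problems = []
    net = ipaddress.ip_network(site.network, strict=False)
    if not any(net.subnet_of(p) for p in RFC1918):
        problems.append(f"{site.name}: {net} is public address space, not RFC 1918")
    # A /8 for a branch office is the "subnet nightmare" the reply warns about.
    if net.num_addresses > 16 * expected_hosts:
        problems.append(f"{site.name}: {net} is far larger than {expected_hosts} hosts need")
    first = ipaddress.ip_address(site.dhcp_first)
    last = ipaddress.ip_address(site.dhcp_last)
    if first not in net or last not in net or first > last:
        problems.append(f"{site.name}: DHCP range {first}-{last} is not inside {net}")
    for role in ("router", "server"):
        addr = ipaddress.ip_address(getattr(site, role))
        if addr not in net:
            problems.append(f"{site.name}: {role} {addr} is outside {net}")
        elif first <= addr <= last:
            # Static hosts must be excluded from the DHCP scope or they will clash.
            problems.append(f"{site.name}: {role} {addr} is inside the DHCP range; exclude it")
    return problems


def check_plan(sites, expected_hosts: int = 254) -> list:
    """Check every site, then every pair of sites for overlapping networks."""
    problems = []
    for site in sites:
        problems.extend(check_site(site, expected_hosts))
    nets = [(s.name, ipaddress.ip_network(s.network, strict=False)) for s in sites]
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}; "
                                "traffic cannot be routed across the tunnel")
    return problems


# Frank's suggested scheme, as quoted in the thread.
FRANK_PLAN = [
    Site("peakslane", "192.168.1.0/24", "192.168.1.1", "192.168.1.10",
         "192.168.1.11", "192.168.1.254"),
    Site("foyer", "192.168.2.0/24", "192.168.2.1", "192.168.2.10",
         "192.168.2.11", "192.168.2.254"),
]

# The poster's scheme: 10.0.0.0 and 12.0.0.0 with mask 255.0.0.0. The second
# site's host addresses were not given and are assumed, mirroring the first.
ORIGINAL_PLAN = [
    Site("peakslane", "10.0.0.0/8", "10.10.1.10", "10.10.1.1",
         "10.0.0.3", "10.0.0.254"),
    Site("foyer", "12.0.0.0/8", "12.10.1.10", "12.10.1.1",
         "12.0.0.3", "12.0.0.254"),
]

if __name__ == "__main__":
    for label, plan in (("Frank's plan", FRANK_PLAN), ("original plan", ORIGINAL_PLAN)):
        found = check_plan(plan)
        print(f"{label}: {'OK' if not found else ''}")
        for p in found:
            print("  -", p)
```

Run it before touching the routers: the original plan is flagged twice for oversized /8 networks and once for 12.0.0.0/8 being public space, while Frank's scheme passes clean. Adding a third site with a subnet that overlaps an existing one is reported as a pair-wise overlap, which is the failure mode behind the advice that "the 2nd network should be anything but" the first.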
 