Re: Branch Office Hardware VPN connection
From: SuperGumby [SBS MVP] (not_at_your.nellie)
Date: 09/23/04
- Next message: SuperGumby [SBS MVP]: "Re: ISA Protocol Rules"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: SBS2003 Add user wizard fails"
- In reply to: Mike Officer: "Branch Office Hardware VPN connection"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 23 Sep 2004 20:06:09 +1000
Hi Mike, IMHO the rest of this thread is tangential so I'll start here.
As others have mentioned, NT can be a DC in an AD domain. What wasn't mentioned is that the AD must be
in 'mixed mode' and I can't remember whether a clean SBS2k install is
'mixed' or 'native 2000', mixed, I think. Which means that if you reinstall
your existing NT box it can be made a DC, but as NT DCs cannot change
domains you can't 'move' the existing server to an AD DC role. I see little
if any value in wipe/reinstall just so the NT box can be made a DC, if I was
looking at reinstalling it I'd be looking at making it a member server. For
any naysayer, yes, I am keeping in mind the fact that the NT4 DC could act
as authentication host, at least, should the VPN be down. I just don't
figure much value to it on the rare occasions the VPN may be down.
XP/2000/NT will use cached credentials.
Having local filespace, maybe DFS filespace, and the ability to centrally
backup the branch office data are, to me, much better reasons for having a
branch server, whatever OS.
I had a look at the SOHO6tc, the 'OPT' port? Can it be the third leg in a
classic WatchGuard config? I'm not familiar with the unit but know other
WGs.
In a three-legged config the WG COULD be set up:
ISA (SBS.External) in DMZ with the WG.Internal (and therefore VPN) on the
SBS.Internal network. The WG could be set to disallow any traffic from the
internal to Internet but allow VPN clients access to the internal network
and optionally internet.
ISA control and hardware VPN, I like the idea.
Mind you, you could also use the WG at the branch to terminate a PPTP VPN
into ISA/SBS and not need the WG at HQ, we could explore that scenario if
you like.
"Mike Officer" <mofficer@execulinkNOSPAM.com> wrote in message
news:#MBBmSznEHA.2904@TK2MSFTNGP15.phx.gbl...
> After reading previous posts here, I didn't see the answer I was looking
> for. A customer of mine has 2000SBS setup at their Main office, and an
> NT4.0 Server setup at their Branch office. I installed to a Watchguard
> SOHO6tc VPN router in each location and I have an active VPN connection
> between both locations.... have verified it by "ping" from both ends.
>
> I'm trying to set it up so that they can have the Branch office server
> "talk" to the SBS2000 server... ideally be a BDC for the 2000SBS server, to
> allow Branch office users to access more resources and they have a program
> they want the Branch office users to be able to access on the 2000SBS box.
>
> Main Office SBS2000 2 Nic's
>
> Internal Nic- 10.0.0.x
> External Nic - 192.168.1.2
> VPN Router - 192.168.1.1 and Static IP from ISP
>
> Branch Office
>
> NT4.0 Server 1 Nic - 192.168.2.10
> VPN Router - 192.168.2.1 and Static IP from ISP
> Same domain name
>
> I guess my question is... how can I "open" ISA to allow this to happen, or
> how should I best configure this.
>
> Any help is greatly appreciated!
>
> Mike
>
>
>