I have a test network that consists of the following:
Site 1 (Connected to internet via Linksys Router)
DC1 = Win2k DC, GC, IIS, DHCP, DNS(Standard Primary), SQL 2000, Exchange 2000, holds all FSMO roles
VPN-1 = Win2k member server, vpn server
DC2 = .Net 2003, IIS 6, DNS
LAP2 = WinXP
LAP3 = WinXP
wks1 = WinME
wks2 = WinME
Linksys 4 Port Ethernet Router switch combo
Site 2 (Connected to internet via Linksys Router)
DC3 = Win2k DC, GC, IIS, DNS(standard secondary), SQL 2000
LAP1 = Win XP Pro laptop
Linksys 4 Port Ethernet Router switch combo
In site one I have port 1723 and 47 being forwarded through the Linksys router to the VPN-1 server. The strange thing is that when I do this and the DC from site 2 makes a VPN connection, all the rest of the workstations on the Site1 LAN lose their internet connection except for my DCs. If I put the server into the DMZ everything works fine. Has anyone seen any problems with port forwarding on a Linksys router? I also configured a static route on the Linksys to the Site 2 router IP.
When the DC from site 2 makes its VPN connection to Site 1 I have name resolution and everything works fine when I try to start replication, or pull a DNS zone from DC1 in site1. For this to work properly I had to manually add some records to DNS. If I try to do anything from DC1 to DC3 I am unable to resolve the DC3 address from any workstation. I looked in DNS on DC1 and everything works fine. I can force replication from DC3 to DC1 without any problems, but not the other way around. Could creating a secondary zone on DC1 and pulling it from DC3 possibly remedy the problem?
Is there a better way to set up a connection between two sites other than VPN? A Microsoft rep said that I could not do IPsec because of the NAT being done on the Linksys. Anyone else experience this? I am just looking for a good way to keep two sites connected and secure.
Any help or direction would be great, I would not think I am the only one that has tried to do this.
Thanks in advance
John Hicks | KEMET Electronics Corporation | Network Engineer
Phone: 864-228-4473 | E-mail: [EMAIL PROTECTED] | AOL IM: ipaq1978
Mailing: 2835 KEMET Way, Simpsonville, SC 29681 USA