Networking, Static Routes, ??

[ctagle]

Hello all and thanks in advance for any input or comments.

Here is my scenario;
1st. Location one consist of ? One DSL line with 5 static public IP?s, 2wire DSL modem, and a LinkSys RV042 router. At this time we are connected to the internet via DSL using the 2wire modem.
2nd. We are trying to connect our Linkys RV042 2wire via the office portal an create a VPN tunnel or gateway to our main office.

The 2wire uses the wan ip of 69.155.102.x, subnet = 255.255.255.255, gateway = 10.20.30.40 and it also uses internal lan ip?s of 192.168.1.X-255 with DHCP static mapping. The 2wire also has a network bridge feature which allows me to map static public ip?s to my machines for public use.

What I am trying to do is connect the Linksys RV042 VPN router to the 2wire, assign it a public IP then create a VPN tunnel or gateway to gateway to our main office.

Problem one is when I connect my Linksys Router I can assign it a public ip but I don?t have internet capabilities. I am assuming this wont work cause I need to have static routes so both routers can see each other?

How can I setup my Linksys to have a static IP and be able to connect out using the DSL 2wire router.

2wire setting to bridge network 255.255.255.248 subnet

2wire = 69.155.102.X
Subnet = 255.255.255.255
Gateway = 10.20.30.40

2wire Internal Lan
192.168.1.254 ip to access 2wire
Subnet =255.255.255.0
Gateway 192.168.1.254

The linksys has all the same settings as the 2wire except for the subnet. The linksys doesn?t have the 255 subnet feature.

Please help and any comments and suggestions are welcome.

Thanks,
Chris

 

[tweekah]

Location 1, Set the 2wire to bridge mode via MDC and then configure PPPoE on the linksys. This method will give you a true public ip on the WAN side of the linksys. The linksys will pull the same ip everytime you authenticate. You don't need all 5 public ips, just 1. Then you can setup port forwarding on the linksys. Remember SBC's new static plan is not a bridged static, but sticky static (PPPoE).

Option 2, is ditch the 2wire 1800hg unit since you have wireless capabilities in your linksys. You should have gone with the Netopia modem/router, I wonder if it's too late for you to switch. Let me know how it works.

 

[ctagle]

Ok, let's see if I have this correct?
I need to set my 2wire to bridge mode then configure the Linksys to connect to SBC via PPPoE correct?

Ok I got this to work, I set my 2wire to bridge mode and connected the RV042 Linksys via PPPoE and I was able to connect to the internet.

Now I need to try and figure out how to connect location one with location via VPN.

Do I need to create a tunnel on location 1 so location 2 can connect?
If so how do I configure connection 2? Gateway to Gateway or Client to Gateway?

Thanks,
Chris

 

[Micronaut]

Does either have a static IP (public)? If so, that should be the gateway. (unless you're using DynDNS or something) - then it doesn't really matter.

 

[tweekah]

Yes, all you need is a tunnel on the linksys in location 1 now. Location 2 will point to your gateway ip, which is the first ip after your 5 usables, and the fowarding will take care of the rest. As far as setting up everything on the VPN, I'm afraid i'll be no help =(

 

[ctagle]

It works great and thanks for the help. I am learning as I go.

Ok here is another question and maybe you all can help me out here.

Location one is now setup with the internal lan ip's 192.168.1.X
Location two is now setup using the internal lan ip's 192.168.2.X

I can ping both ways from either end and all is woring fine for now via the VPN.

Location one has the server and is running windows 2003 server with Active Directory.
Is it possible to see the clients on either side without having to type in a ip.

Example, I want to be able to join a computer to the domain ( server on network 1) from the network 2.

Exampe, if I am on network 1 with 192.168.1.X how can I see a computer on network 2 with the 192.168.2.x without having to type the IP ?
Lets say I wanted to access that computer using the hostname.

Is this possible?

 

[Micronaut]

Yes, it's possible. But I believe you need a GC (or GC proxy) on the remote end.

 

[ctagle]

Sorry but what is a GC ?

 

[Micronaut]

Sorry, Global Catalog. And I believe I mispoke... I think it's caching (Universal Group).

Nope, looks like you need a DC on the remote end. Then the 2 DC's can sync the AD information. You can use Universal Group caching to help alleviate the traffic across the VPN.

http://www.windowsdevcenter.com/pub/a/windows/2004/05/18/ug_caching.html
Universal Group Caching

Enter universal group caching, a new feature of Windows Server 2003. By configuring universal group caching on the domain controllers in your remote site, you ensure that a user's universal group membership information is available when he tries to log on and there is no GC available at the remote site. Enabling universal group caching is easy. Just open Active Directory Sites and Services, connect to a domain controller in the remote site, expand the Sites container, expand the name of the site, right-click on NTDS Site Settings, select Properties, and select the checkbox

 

[Micronaut]

For Windows 2000:

http://support.microsoft.com/default.aspx?scid=kb;en-us;241789

 

[ExcuseMe]

What you really need is a DNS server to translate the computer name to an IP address. This will only be the case if yjou are utilizing host name resolution though. For NetBIOS name resolution, you will have to set up a WINS server.

 

[DarkJuJu]

just modify the host file on the remote PCs and the server

 

[ctagle]

Ok thanks for all the feedback.. We have the VPN tunnel working and our main location has the server ( windows 2003 ) and running Active Directory with DNS.

We also have a server ( windows 2003 ) running at the remote location. Will I be able to add the remote computer to the domain using DCPROMO?

Do I point my DNS settings on the remote server to the main server ip?



Hello all, and thanks in advance for any input you can provide me with.

1st We have our main location which uses Windows 2003 server running Active Directory
2nd We have another location in a seperate city and we have a Windows 2003 Server running at that location.
3rd. We have a VPN connection between both locations and I am able to ping both sides, I am able to see the servers using the local ip and so forth. I can ping using the name or the ip.
4th What we want to do is connect our server in location two and make it a Back up Domain Controller to our main office AD, we are hoping this will help us so our users can login into the domain in the main location and access resources.
5th Both locations are running under firelwalls. Do we need to open any ports on the firewalls?
6th Our main location uses a 4622 Netpoia Router and the second location uses a Linksys Rv042 router

When trying to add a computer to the domain we get an error though.

The service did not respond to the request in a timely fashion and thus not allowing us to add machines to the domain.

Also when we use DCPROMO on the second server and use the add an additional domain controller to the domain we get the same error.

So far we have been unsuccessfull in adding machines to the domain across the VPN.

Any suggestions or comments that could assist me?

Thanks,
Chris