How to connect 2 windows 2003 remote domains?

lil_shark72 · 22-01-2008

Can someone help me in this?

Our company is opening a new Branch office that is 100 miles away from the
main office...All our servers are Windows 2003 and all our clients use XP
Pro. Both location have a DSL connection to the internet. We do not have a
static (Public) IP address for the company..just a connection to the internet
through DSL..

How do I connect both location together so we can share files and internet
connection?

What are the requirements? e.g Do we need to lease our own IP address? Do we
need 2 IP address or just one for both sites? do we need a router at each
location?

PLEASE show me in steps like 1 2 3 what to do A-Z

Bill Grant · 22-01-2008

You do not need any additional public IP addresses. The remote site will
operate on private addresses as your existing site does (using a different
IP subnet). What you need is a link between your two private networks.

In the past, you would have used a leased line to connect the two
private sites. This is still an option if there is a supplier in your area,
but they can be expensive. Another option is VPN (Virtual Private Network)
which emulates a leased line. Instead of having a dedicated connection
between the sites, you use the Internet. A "tunnel" is created through the
Internet between your two sites. Data using this route is encrypted and
encapsulated so that it crosses the Internet securely.

At each site you have a DSL router whih is capable of hosting a VPN site
to site connection. Normal Internet traffic uses this router as you do at
present. Traffic which is addressed to the other private LAN is intercepted
by the router and is encrypted and encapsulated before it sent. This traffic
is tunnelled through the Internet to the VPN router at the other site.

Encapsulation is the process which enables the tunnelling. After the
whole packet is encrypted it is encapsulated (ie given a new header). This
new header has the public IP of the destination router. The encapsulated
packet goes through the Internet to the router at the other site.

The two sites behave just like any two subnets connected by an IP router
(a slow one in this case). Once the site to site link is in place machines
in site A can directly contact a machine in site B and vice versa. You can
then modify your DNS and Active Directory (if you use a domain) as you would
in any routed network.

Ryan Hanisco · 23-01-2008

To connect the two sites I would do the following:
1. Make sure I had at least 1 static IP addresses at each site for the
router -- your DSL service may have given you a router that will meet your
needs.
2. Make sure I have different internal Network addresses between the sites
(like 192.168.1.0/24 and 102.168.2.0/24)
3. Create a static VPN between the sites from router to router -- sometimes
your provider will even help you through this.
4. You're off and running.

-- In some cases it may be helpful to have different public IP addresses to
separate your PAT pool for Internet access from the router address.
-- If you don't have a router and are looking for something inexpensive, I
usually recommend one of the Cisco 800 series routers as a good entry point.
You can go cheaper, but I like business-class devices for business.
-- Talk with your ISP and explain your needs, they'll usually work with you.
They might want to charge you, but it is cheaper than hiring someone to do
it and it is good money spent. Also dealing with a telco/ ISP there tends to
be time on the phone to get passwords/access/other info and you don't want to
pay someone you've hired to sit there on hold waiting to talk to a call
center. Even if the ISP charges more, it is often cheaper in the long run.

lil_shark72 · 24-01-2008

Bill Thanks soooo much for these useful infos I only have one question left.
I notice ( or I shoud say I think) all DSL routers have the same address
19.168.1.1. How would my network communicate with the other end if that DSL
router uses the same address?

Im getting closer to it...May I ask you 2 more
questions?
1. Will the router do (NAT) thing for me,
2. can I use private address for my LAN or I have to use public IPs for the
hosts on both sites to see each other.

3. If I call my ISP and they give me 2 static IP addresses and assign each
IP address to a cisco router. What's next I should do so that the two windows
2003 domains can see each other so that Network A can see all PC in network B

4. In the (route add) command do you use the subnet mask of Network (A) or
the Subnet mask for Networ (B)

Sorry for all these questions and thanks a lot for your help

That won't work. If you are going to route between sites they must be in
different IP subnets.

**ColoRiv** · 18-06-2010

This is almost my exact situation also. I have trusts set up between the domains(one 2000, one 2003), and would like to modify my dns so that everything on each end is visible/accessible from the other.

Both subnets are listed as reverse lookup zones(with records for the name server, SOA and Wins-R) on both servers.

Shouldn't this be enough to make both networks browseable?

Ironically, someone built a pointer to every workstation and server in that domain in one of the reverse lookup zones, and that one is browseable. I'd really like to avoid having to do that in the other.