Question

  Asked: Aug 3 2005   9:32 AM GMT
  Asked by: winger9076


remote office


Security management, Remote users, Networking, Networking services, DHCP, DNS, Active Directory, DataCenter

I'm having trouble creating subnets for my remote office. I have a SonicWall at each office creating a VPN between locations. My server is at the main location and it does the DHCP and DNS. I have no trouble setting up the VPN, but I'm not sure if I have the correct settings I need in Active Directory. Any help configuring Active Directory for a remote location would be greatly appreciated.


Answer Wiki



Sorry for duplicate answer - hit the wrong key...

You've not provided enough information to go on, so I'll have to make some assumptions and ask for more detail.

First off, if you're running multiple VPN tunnels to various places, have you designed the overall network so that there is an assigned network number for each remote office?

Are you running the regular or the enhanced Sonic OS on the Sonicwall?

Have you set up routing on the Sonicwall at the central location? If so, does the rest of your main network know where the router/VPN box is? Are you running any routing protocols, or is it all static?

I'm not even going to address A/D until we (collectively) know that you've got a good routing operation going. By this I mean that (subject to deliberate restrictions) every system in all offices (central and remote) can ping every other system as required. Not that you need to do a universal ping mapping, just that every office should be able to reach every other location that it needs to.

I'd suggest that you use private IP space such as:
Central Office 172.16.1.0/24
Remote Office1 172.16.2.0/24
Remote Office2 172.16.3.0/24 etc...

Let us know what's going on...

Bob
Discuss This Answer

mtburke  |   Aug 3 2005  6:01PM GMT

I would use your router for DHCP on your subnets. Set your DNS server on the routers to the IP address of the DNS server for the AD domain, not an internet DNS server. The clients should register with the AD DNS server. To test this, ping a workstation or server by name on a different subnet to see if it resolves.

 

cptrelentless  |   Aug 4 2005  6:58AM GMT

You could also use a DHCP relay agent. Make sure you set up the subnets and sites in AD Sites and Services correctly, otherwise you will get replication errors. Don't forget to specify your bridgehead servers and protocols. Your network should be transparent to the AD if you have configured it correctly; as long as your VPN tunnels work you'll be OK.
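An added example, not part of the original thread: a short Python check of the addressing plan suggested in the answer, flagging invalid, non-private or overlapping subnets and reporting which office's subnet a host address falls in, which is worth confirming before the subnets are entered in AD Sites and Services. The office names are reused as site labels and the sample host addresses are constructed.

```python
import ipaddress

# Addressing plan from the answer above; office names double as site labels.
PLAN = {
    "Central Office": "172.16.1.0/24",
    "Remote Office1": "172.16.2.0/24",
    "Remote Office2": "172.16.3.0/24",
}

def validate_plan(plan):
    """Return a list of problems: invalid prefixes, non-private space, overlaps."""
    problems = []
    nets = {}
    for site, cidr in plan.items():
        try:
            # strict=True rejects entries such as 172.16.2.1/24 (host bits set)
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{site}: {cidr} is not a valid network ({exc})")
            continue
        if not net.is_private:
            problems.append(f"{site}: {net} is not private address space")
        nets[site] = net
    sites = sorted(nets)
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            # Overlapping site subnets make both routing and site lookup ambiguous.
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems

def site_for(address, plan):
    """Return the site whose most specific subnet contains address, or None."""
    ip = ipaddress.ip_address(address)
    best = None
    for site, cidr in plan.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if ip in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (site, net)
    return best[0] if best else None

if __name__ == "__main__":
    print(validate_plan(PLAN) or "plan OK")
    for host in ("172.16.2.25", "172.16.9.10"):  # constructed sample hosts
        print(host, "->", site_for(host, PLAN) or "no subnet defined")
```

A host that maps to no subnet, like the second sample address, is the case to look for: it means an office is handing out addresses that the plan does not cover.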

 

CiscoNetguy  |   Aug 4 2005  10:36AM GMT

If at your remote sites you have a router, you could set up DHCP on the router and negate the need to perform DHCP across the VPN… saving some traffic. You could still authenticate across. It would make the design a little simpler… food for thought…