Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Site to Site VPN with separate Domain

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Site to Site VPN with separate Domain Page: [1]
Login
Message << Older Topic   Newer Topic >>
Site to Site VPN with separate Domain - 24.Feb.2004 3:05:00 PM   
Guest
 Hi there

I now have 1 ISA2004 beta server up and running. This is in its own Domain with a one way trust to my internal Domain (should be more secure i guess) Anyway i now want to get a second ISA2004 beta server up and running in a second location and i guess i should join it to the existing ISA Domain. Can i do this from a remote location by setting up the VPN using the new server as standalone then DCPROMO it once i have the VPN up and running?

Any suggestions on the best way to do this much appreciated.
  Post #: 1
RE: Site to Site VPN with separate Domain - 25.Feb.2004 12:49:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi A,

It definitely is possible, but I haven't doc'd it out yet. I have the details for ISA 2000 over at www.isaserver.org/shinder, but I'm sure the procedures will be a bit different with ISA 2004.

HTH,
Tom

(in reply to Guest)
Post #: 2
RE: Site to Site VPN with separate Domain - 25.Feb.2004 10:44:00 AM   
Guest
 Hi Tom

I'll give it a try and let you know if i manage it. Otherwise i guess i can take the server to the location with the existing Firewall, DCPROMO it whilst allowing it to talk to the existing DC and then move it to the other office and setup the VPN.

(in reply to Guest)
  Post #: 3
RE: Site to Site VPN with separate Domain - 25.Feb.2004 11:59:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi A,

Sounds good. Let us know how it works out for you!

Thanks!
Tom

(in reply to Guest)
Post #: 4
RE: Site to Site VPN with separate Domain - 27.Feb.2004 11:52:00 AM   
awj

 

Posts: 104
Joined: 26.Feb.2004
From: UK
Status: offline 		Hi Tom

After a bit of thought i decided not to use the same Firewall Domain at both ends of my VPN for a couple of reasons. One if the separate Firewall Domain was compromised it would compromise both ends (minor reason) but the main one was that if i had two DC's with one at each end of the VPN they would just add traffic throught their replication needs. As i want separate policies at each end anyway i see no real benefit and authentication will be through a 1 way trust back to the internal Domain anyway. (As i will already have the Internal users Domain replication traffic i don't want to add to this without any benefit)

(in reply to Guest)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Site to Site VPN with separate Domain Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts