Site to Site question
Site to Site question - 28.Jul.2008 10:54:41 AM
teejayuu
Posts: 34
Joined: 7.May2008
Status: offline
Hi

I am setting up a lab to simulate our current configuration prior to installing an ISA Server site to site VPN. Our branch office runs on a Linux server with a DNS zone of branch.local. All PCs are configured at the main office on a domain main.org.uk in Active Directory then shipped to the branch office, i.e. the FQDN of a branch PC would be branch1.main.org.uk. The main office IP range is 10.1.1.0/24 and the branch is in the 192.168.24.0/24.

My questions are:
- Would we be able to use both these ranges?
- Would the branch office require its own Domain Controller?
- Could the existing DNS zone be kept?

I am trying to follow Thomas Shinder's tutorial but there is no information regarding the branch office DNS/DC setup, just a comment:
quote:
both the EXCHANGE2003BE machine and the REMOTEHOST machine are DHCP servers.

The ISA Server has only been installed for about 3 months as part of an IT infrastructure re-structuring away from Linux based servers at both the main and branch offices, so please excuse me if these are obvious questions.

Thanks
Tony
RE: Site to Site question - 28.Jul.2008 11:25:45 AM
paulo.oliveira
Posts: 820
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
Hi,
quote:
My questions are:
- Would we be able to use both these ranges?
- Would the branch office require its own Domain Controller?
- Could the existing DNS zone be kept?

1. Yes, the ranges are different from each other. It will be no problem.
2. There's no need for a DC, because the shipped computers will connect with the main DC through the VPN if the required protocols are allowed. But I'd advise you to install a DC at the branch office if you plan to use all the branch office machines in the same domain as the main DC.
3. No problem about that either.

Regards,
Paulo Oliveira.
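
The range check behind answer 1, as an added example that is not part of the original posts: it validates that the address ranges defined for each side of a site-to-site VPN do not overlap. The function names and the `branch2` entry are constructed for illustration; only the `main` and `branch` ranges come from the thread.

```python
import ipaddress
from itertools import combinations

# Ranges quoted in the thread.
THREAD_SITES = {"main": "10.1.1.0/24", "branch": "192.168.24.0/24"}

# Constructed failure case: a hypothetical second branch whose range
# swallows the main office range.
CONSTRUCTED_SITES = dict(THREAD_SITES, branch2="10.1.0.0/16")


def parse_sites(sites):
    """Parse site -> CIDR strings. strict=True rejects entries with host
    bits set (e.g. 10.1.1.5/24), a common typo in network definitions."""
    return {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in sites.items()}


def find_overlaps(sites):
    """Return (site_a, site_b, shared_range) for every overlapping pair.
    An empty list means every address belongs to exactly one site."""
    nets = parse_sites(sites)
    conflicts = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            # Two CIDR blocks overlap only when one contains the other,
            # so the shared part is the block with the longer prefix.
            shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
            conflicts.append((a, b, str(shared)))
    return conflicts


def sites_for(sites, host):
    """Return every site whose range contains host; more than one name
    means the address cannot be routed unambiguously across the tunnel."""
    addr = ipaddress.ip_address(host)
    return sorted(n for n, net in parse_sites(sites).items() if addr in net)


if __name__ == "__main__":
    print("thread ranges:", find_overlaps(THREAD_SITES))
    print("constructed ranges:", find_overlaps(CONSTRUCTED_SITES))
    print("10.1.1.20 belongs to:", sites_for(CONSTRUCTED_SITES, "10.1.1.20"))
```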
RE: Site to Site question - 28.Jul.2008 1:14:54 PM
teejayuu
Posts: 34
Joined: 7.May2008
Status: offline
Hi Paulo and thanks
quote:
1. Yes, the ranges are different from each other. It will be no problem.
Great
quote:
2. There's no need for a DC, because the shipped computers will connect with the main DC through the VPN if the required protocols are allowed. But I'd advise you to install a DC at the branch office if you plan to use all the branch office machines in the same domain as the main DC.
Ok - is it better to call the Domain at the branch the same as that at the main office?
quote:
3. No problem about that either.
Would it be better to use the same DNS zone main.org.uk or branch.org.uk?
RE: Site to Site question - 28.Jul.2008 1:40:55 PM
paulo.oliveira
Posts: 820
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
Hi,
quote:
Ok - is it better to call the Domain at the branch the same as that at the main office? Would it be better to use the same DNS zone main.org.uk or branch.org.uk?
For both questions the same answer. If you're talking about the same company (which I think it is), it is much better for everything to be the same as the main office.

Regards,
Paulo Oliveira.
RE: Site to Site question - 29.Jul.2008 2:51:43 AM
teejayuu
Posts: 34
Joined: 7.May2008
Status: offline
Thanks again Paulo.

I am in a unique position whereby I can reorganise our infrastructure and erase the mistakes of the past. I am trying to (where possible) use best practice but do not necessarily have the complete expertise in all the applications/servers - so thanks again to yourself and your colleagues for all your help.

Both branch and main offices are the same company, I'll try your recommendations out in the lab. Would it be best to have the branch office as an additional DC in the same domain/forest or as an independent DC with the same domain name?

Cheers
Tony
< Message edited by teejayuu -- 29.Jul.2008 3:09:34 AM >
RE: Site to Site question - 29.Jul.2008 8:15:17 AM
gbarnas
Posts: 147
Joined: 27.Apr.2005
From: New Jersey
Status: offline
Unrelated to ISA, but... if you create a DC in your branch that is "an independent DC with the same domain name", that's exactly what you'll get - an independent domain with no ability to authenticate users outside of that branch location, as it will be a different forest. Unless that's really what you want, you'd be best served by a DC in the current forest/domain.

You do have choices - you could define it as an AD Site, or could create a child domain (branch.domain.tld), but that adds complexity that is likely unnecessary.

Glenn
RE: Site to Site question - 29.Jul.2008 8:18:52 AM
paulo.oliveira
Posts: 820
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
Hi Glenn, agree with you. The best choice here is one unique domain with two DCs.

Regards,
Paulo Oliveira.