razor
Guest
|
Posted:
Sat Nov 05, 2005 1:50 am Post subject:
Do I Need a Separate Subnet for a VPN? |
|
|
Hello--
We just installed a SonicWALL firewall in our remote office and configured a
VPN tunnel to our PIX firewall in the main office. It is all working great.
I am about to set up a 1 2 1 NAT on the SonicWALL and wondered if I need
to/should set up a separate subnet on our domain for this office?
We only have one domain and one site. We are only about 50 users total, and
only 3 IPs will be used in the remote office. We want the workstations in the
remote office to be able to take advantage of some of our enterprise solutions
and group policies on the domain.
I want the 3 workstations in the remote office to have their IPs and DNS
static and not utilize our DHCP server.
What is the best practice on this?
Thank you,
Stephen |
|
razor
Guest
|
Posted:
Sat Nov 05, 2005 7:51 am Post subject:
RE: Do I Need a Separate Subnet for a VPN? |
|
|
I failed to mention all of our servers are running Windows Server 2003 and
our workstations Windows XP Pro....
"razor" wrote:
| Quote: | Hello--
We just installed a SonicWALL firewall in our remote office and configured a
VPN tunnel to our PIX firewall in the main office. It is all working great.
I am about to set up a 1 2 1 NAT on the SonicWALL and wondered if I need
to/should set up a separate subnet on our domain for this office?
We only have one domain and one site. We are only about 50 users total, and
only 3 IPs will be used in the remote office. We want the workstations in the
remote office to be able to take advantage of some of our enterprise solutions
and group policies on the domain.
I want the 3 workstations in the remote office to have their IPs and DNS
static and not utilize our DHCP server.
What is the best practice on this?
Thank you,
Stephen |
|
|
Bill Grant
Guest
|
Posted:
Sun Nov 06, 2005 1:50 am Post subject:
Re: Do I Need a Separate Subnet for a VPN? |
|
|
It depends on how you set up the VPN. If each user has an individual VPN
connection, there is no need to make any changes in AD sites. You would only
need to do that if they were connected by a site-to-site VPN and there was a
DC at the second site. In that case it would be a good idea to set up a
second site in AD (on its own subnet) and move the remote machines into that
site.
razor wrote:
| Quote: | I failed to mention all of our servers are running Windows Server
2003 and our workstations Windows XP Pro....
"razor" wrote:
Hello--
We just installed a SonicWALL firewall in our remote office and
configured a VPN tunnel to our PIX firewall in the main office. It
is all working great.
I am about to set up a 1 2 1 NAT on the SonicWALL and wondered if I
need to/should set up a separate subnet on our domain for this
office?
We only have one domain and one site. We are only about 50 users
total, and only 3 IPs will be used in the remote office. We want the
workstations in the remote office to be able to take advantage of some
of our enterprise solutions and group policies on the domain.
I want the 3 workstations in the remote office to have their IPs and
DNS static and not utilize our DHCP server.
What is the best practice on this?
Thank you,
Stephen |
|
|
razor
Guest
|
Posted:
Sun Nov 06, 2005 1:50 am Post subject:
Re: Do I Need a Separate Subnet for a VPN? |
|
|
There is no Domain Controller in the remote office--actually there are no
servers at all. There is one single VPN tunnel between firewalls.
What do you think?
--
Stephen
"Bill Grant" wrote:
| Quote: | It depends on how you set up the VPN. If each user has an individual VPN
connection, there is no need to make any changes in AD sites. You would only
need to do that if they were connected by a site-to-site VPN and there was a
DC at the second site. In that case it would be a good idea to set up a
second site in AD (on its own subnet) and move the remote machines into that
site.
razor wrote:
I failed to mention all of our servers are running Windows Server
2003 and our workstations Windows XP Pro....
"razor" wrote:
Hello--
We just installed a SonicWALL firewall in our remote office and
configured a VPN tunnel to our PIX firewall in the main office. It
is all working great.
I am about to set up a 1 2 1 NAT on the SonicWALL and wondered if I
need to/should set up a separate subnet on our domain for this
office?
We only have one domain and one site. We are only about 50 users
total, and only 3 IPs will be used in the remote office. We want the
workstations in the remote office to be able to take advantage of some
of our enterprise solutions and group policies on the domain.
I want the 3 workstations in the remote office to have their IPs and
DNS static and not utilize our DHCP server.
What is the best practice on this?
Thank you,
Stephen
|
|
|
Bill Grant
Guest
|
Posted:
Sun Nov 06, 2005 9:50 am Post subject:
Re: Do I Need a Separate Subnet for a VPN? |
|
|
I think you can ignore AD sites. The clients will need to log on to a DC
at the main site, so there is nothing to be gained.
razor wrote:
| Quote: | There is no Domain Controller in the remote office--actually there
are no servers at all. There is one single VPN tunnel between
firewalls.
What do you think?
It depends on how you set up the VPN. If each user has an
individual VPN connection, there is no need to make any changes in
AD sites. You would only need to do that if they were connected by a
site-to-site VPN and there was a DC at the second site. In that case
it would be a good idea to set up a second site in AD (on its own
subnet) and move the remote machines into that site.
razor wrote:
I failed to mention all of our servers are running Windows Server
2003 and our workstations Windows XP Pro....
"razor" wrote:
Hello--
We just installed a SonicWALL firewall in our remote office and
configured a VPN tunnel to our PIX firewall in the main office. It
is all working great.
I am about to set up a 1 2 1 NAT on the SonicWALL and wondered if I
need to/should set up a separate subnet on our domain for this
office?
We only have one domain and one site. We are only about 50 users
total, and only 3 IPs will be used in the remote office. We want
the workstations in the remote office to be able to take advantage of
some of our enterprise solutions and group policies on the domain.
I want the 3 workstations in the remote office to have their IPs
and DNS static and not utilize our DHCP server.
What is the best practice on this?
Thank you,
Stephen |
|
|
razor
Guest
|
Posted:
Mon Nov 07, 2005 1:50 am Post subject:
Re: Do I Need a Separate Subnet for a VPN? |
|
|
OK, thanks. I'll just exclude their IPs from the DHCP server in the main
office and keep them on the same domain, site and subnet.
sd
"Bill Grant" wrote:
| Quote: | I think you can ignore AD sites. The clients will need to log on to a DC
at the main site, so there is nothing to be gained.
razor wrote:
There is no Domain Controller in the remote office--actually there
are no servers at all. There is one single VPN tunnel between
firewalls.
What do you think?
It depends on how you set up the VPN. If each user has an
individual VPN connection, there is no need to make any changes in
AD sites. You would only need to do that if they were connected by a
site-to-site VPN and there was a DC at the second site. In that case
it would be a good idea to set up a second site in AD (on its own
subnet) and move the remote machines into that site.
razor wrote:
I failed to mention all of our servers are running Windows Server
2003 and our workstations Windows XP Pro....
"razor" wrote:
Hello--
We just installed a SonicWALL firewall in our remote office and
configured a VPN tunnel to our PIX firewall in the main office. It
is all working great.
I am about to set up a 1 2 1 NAT on the SonicWALL and wondered if I
need to/should set up a separate subnet on our domain for this
office?
We only have one domain and one site. We are only about 50 users
total, and only 3 IPs will be used in the remote office. We want
the workstations in the remote office to be able to take advantage of
some of our enterprise solutions and group policies on the domain.
I want the 3 workstations in the remote office to have their IPs
and DNS static and not utilize our DHCP server.
What is the best practice on this?
Thank you,
Stephen
|
|
|