
Sorry if I'm asking a very obvious (or completely wrong) question... I'm trying to better understand something that is very new to me.

In our office we have a quite simple network configuration:
Network addresses are 192.168.20.x (subnet mask 255.255.255.0).
The domain controller is also the DHCP server and DNS server, IP address 192.168.20.1.
The default gateway is our firewall (Fortigate 60C), IP address 192.168.20.252.

Now we are opening a new branch office (200 km from the headquarters) and we want to connect the two offices with a site-to-site VPN (I think we will buy another Fortigate firewall to make things easier).

1) Will the branch office have completely different network addresses? E.g. 192.168.10.x (subnet mask 255.255.255.0), or is it possible to have only one network for both (for example using 255.255.252.0 as subnet mask so I can have 192.168.20.x and 192.168.21.x)?
2) Do I need to have a new DHCP server in the new office, or is it possible to have the DC acting as DHCP server for both offices?

I obviously want all users in the new office to be able to easily reach all servers (mainly virtual machines) located in the headquarters using the site-to-site VPN.

Thank you

Solution

Yes, the branch office location will need an independent subnet such as 192.168.10.x from the main site, which currently uses 192.168.20.x. You can use the router at the remote site to provide DHCP services, but having a separate server at the remote site can be very useful in the long run (an easy way to check operation of the remote site is to log in remotely through a service such as LogMeIn configured on the remote server, which isn't dependent on your VPN being up but only on internet access), plus it can provide print sharing, an offsite backup for your main site, etc. No, you do NOT want to use the 255.255.252.0 subnet mask to make both locations one effective network. You might "possibly" do this with an MPLS circuit, but it is very unlikely otherwise. An MPLS circuit is basically one virtual network with drops at different physical locations.

You can use the DNS on the main site only, or better, have both sites reference DNS servers at each site, with the primary DNS being selected by the location, and with Active Directory replication between the sites.

You will need to enable NetBIOS for access from the remote site for seamless connectivity, or add route statements on the router so that all resources can be reached from the remote location transparently for the remote users. While you can set up sub-domains for the remote sites, in many cases keeping things simple by just having one Active Directory location may be better all around. Don't forget to add the static records for the remotely accessible equipment to the DNS and the reverse DNS zone for the remote offices to the HQ's DNS, and make sure that the pointer records are in place.
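As an added example (not part of the original thread, and not a FortiGate or Windows tool), the following Python script works through the two questions above and the answer's closing DNS advice: it checks that the site LANs do not overlap, shows why the 255.255.252.0 idea from the question fails (the widened HQ network would swallow 192.168.21.0/24, so HQ hosts would treat branch addresses as on-link and ARP for them instead of sending the packets to the gateway and into the tunnel), lists the static route each site's firewall needs for the other site's LAN, names the in-addr.arpa zone HQ's DNS must host for the branch, and flags A records that lack a matching PTR. Only 192.168.20.0/24, 192.168.21.0/24 and the proposed 192.168.10.0/24 come from the thread; the host names, the sample records and the vpn-to-<site> interface names are constructed assumptions. The plan checks accept any number of sites, not just the two in the question.

```python
# Added example (not from the original thread): sanity-check a multi-site
# address plan for a site-to-site VPN and the DNS records the answer asks for.
# 192.168.20.0/24 (HQ), 192.168.21.0/24 (the question's wider-mask example) and
# 192.168.10.0/24 (proposed branch) come from the thread; every host name,
# record and interface name below is constructed for illustration.
import ipaddress
from typing import Dict, List, Tuple, Union

Net = ipaddress.IPv4Network
NetLike = Union[str, Net]


def as_net(value: NetLike) -> Net:
    """Accept '192.168.10.0/24', '192.168.10.0/255.255.255.0' or an IPv4Network."""
    return ipaddress.ip_network(str(value), strict=False)


def validate_plan(sites: Dict[str, NetLike]) -> List[str]:
    """Return the problems with a multi-site plan (empty list when it is sound).
    Two sites whose LANs overlap cannot be told apart by a route, so the VPN
    could never deliver traffic to the right place."""
    nets = {name: as_net(net) for name, net in sites.items()}
    names = sorted(nets)
    problems = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def supernet_merges_sites(mask: str, hq: NetLike, remote: NetLike) -> bool:
    """The question's idea: widen HQ's mask (e.g. 255.255.252.0) so one network
    spans both offices. True when `remote` falls inside the widened network,
    i.e. HQ hosts would consider remote addresses on-link and ARP for them
    instead of routing them to the gateway and into the tunnel."""
    hq_net = as_net(hq)
    widened = ipaddress.ip_network(f"{hq_net.network_address}/{mask}", strict=False)
    return as_net(remote).subnet_of(widened)


def tunnel_routes(sites: Dict[str, NetLike], local: str) -> List[Tuple[str, str]]:
    """Static routes the firewall at `local` needs: every other site's LAN is
    reached through the VPN tunnel interface (the vpn-to-<site> names are
    constructed); everything else keeps following the default route."""
    return [(str(as_net(net)), f"vpn-to-{name}")
            for name, net in sorted(sites.items()) if name != local]


def reverse_zone(net: NetLike) -> str:
    """Name of the in-addr.arpa zone for a /24, which the answer says HQ's DNS
    must host for each remote office."""
    net = as_net(net)
    if net.prefixlen != 24:
        raise ValueError("this example only builds reverse zones for /24 networks")
    o = str(net.network_address).split(".")
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"


def missing_ptr(a_records: Dict[str, str], ptr_records: Dict[str, str]) -> List[str]:
    """Host names whose A record has no matching PTR (missing, or pointing at a
    different name). a_records maps name -> IP, ptr_records maps IP -> name."""
    return sorted(name for name, ip in a_records.items()
                  if ptr_records.get(ip) != name)


# Constructed sample data (not real hosts): the two sites from the thread and
# a branch DNS view in which the printer's PTR record was forgotten.
SITES = {"hq": "192.168.20.0/24", "branch": "192.168.10.0/24"}
BRANCH_A = {"branch-dc01": "192.168.10.1", "branch-printer": "192.168.10.20"}
BRANCH_PTR = {"192.168.10.1": "branch-dc01"}


if __name__ == "__main__":
    print("plan problems:", validate_plan(SITES) or "none")
    print("255.255.252.0 at HQ would swallow 192.168.21.0/24:",
          supernet_merges_sites("255.255.252.0", SITES["hq"], "192.168.21.0/24"))
    print("255.255.252.0 at HQ would swallow 192.168.10.0/24:",
          supernet_merges_sites("255.255.252.0", SITES["hq"], SITES["branch"]))
    for site in SITES:
        print(f"routes needed at {site}:", tunnel_routes(SITES, site))
    print("reverse zone HQ must host for the branch:", reverse_zone(SITES["branch"]))
    print("A records without a matching PTR:", missing_ptr(BRANCH_A, BRANCH_PTR))
```

Run it as-is to see the plan from the thread pass, and swap in a branch network such as 192.168.20.128/25 to see the overlap reported. The route list is only half of what a FortiGate-to-FortiGate tunnel needs: each firewall must also have policies allowing the traffic in both directions, and the DHCP scope at the branch (whether served by the branch firewall or a local server, as the answer discusses) should hand out the branch gateway and DNS servers that are reachable without the tunnel being up.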
