Windows 2003 Gateway Setup

fwang
We have two offices, A and B.

A is running SBS 2003.

We are trying to use a Windows 2003 server on B as a gateway and use a VPN to connect to SBS on A. The Win2k3 server on B has 2 NICs: one connects to the internet, the other connects to the LAN switch (all PCs in B connect to the switch).

How do we set up Win2k on B so that server B and all PCs in B can join the domain in A and access the internet through server B?

Please give detailed steps if you can. Thanks!!!
  • +
    0 Votes
    Triathlete1981

    you don't need two nics on server B. move the internet line from the server to switch. this is a security precaution. regardless of how much security you have on your network, connecting any server to the internet directly poses a security issue. a skilled (sometimes unskilled) person can do some port scanning and hack their way into your network. so, first, unplug the internet line from the server. you should get a cisco or sonicwall router (which has a useful gui that cisco doesn't) to handle the internet line. put a straight through from the router to the switch and connect everything to the switch, including the server. it shouldn't change vpns, but i don't know your system set up.

    second, if these offices are in two different locations, set up a tunnel connection between the two offices so that the server in office B can be a backup domain controller for the server in office A. that way, it minimizes traffic, ergo delay, for user authentication as well as file/folder access. and then you'd also have a backup domain controller.

    and then with the backup DC in the second office, joining ppl to a domain will be easy. if everyone's already getting internal ips from the same dhcp server in office A, then they're already part of the domain and will have access to all files/folders on server A. if computers in office B don't get internal ips from dhcp server in office A, set up the server in B to hand out ips. use the dhcp service built into 2k3 to do this. and in the dhcp scope you create, configure the default gateway to be the internal ip address of the router.

    are you really an it consultant?
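
The DHCP scope described in the answer above, sketched with the `netsh dhcp` context that ships with Windows Server 2003. This is an added example, not part of the original post; the subnet, lease range and router address are constructed placeholders.

```batch
@echo off
rem Added example: DHCP scope for office B on the Windows Server 2003 DHCP service.
rem All addresses below are constructed placeholders; substitute your own.
set SCOPE=192.168.20.0
set MASK=255.255.255.0
rem Internal (LAN-side) address of the router that now terminates the internet line.
set ROUTER=192.168.20.1

rem Create the scope for the office B LAN.
netsh dhcp server add scope %SCOPE% %MASK% "Office B LAN" "Clients behind the office B router"

rem Lease range starts above the statically addressed router and server.
netsh dhcp server scope %SCOPE% add iprange 192.168.20.50 192.168.20.200

rem Option 003 (Router): clients use the router, not the server, as default gateway.
netsh dhcp server scope %SCOPE% set optionvalue 003 IPADDRESS %ROUTER%

rem Activate the scope, then list its options to confirm what clients will receive.
netsh dhcp server scope %SCOPE% set state 1
netsh dhcp server scope %SCOPE% show optionvalue
```

After a lease renewal, `ipconfig /all` on an office B PC should list the router's internal address as the default gateway.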
