Kerio VPN for a 2nd Place
  •  
HardyE

Hello from Germany!

I have a big problem with the configuration for a great network with WinRoute. There are two places connected with Dyn-IP DSL to the Internet (with WinRoute 6.4.2). Both of these places have Windows Server 2003 servers. In the main place (www.aaa.de) there is a domain controller server (Windows Small Business Server) and a file server.
At the other side (www.bbb.de) there is a member domain controller server with a file server, which will be synced with the main domain controller server (DNS) and the file server via DFS-R. At the 2nd place there must be a member domain controller.

What must I do now to make this work correctly?
I have read the manual with all examples, but I think that would generate a problem with the DNS servers in my network.

The following bitmap (file attachment) will illustrate my problem.

Thanks for helping
Greetings from Germany
Hardy

  • Attachment: Netzplan.jpg
    (Size: 113.93KB, Downloaded 591 times)
  •  
RHarmsen.nl

You need to make sure the DNS resolving is the same for your whole domain.

The best thing is to set up a Windows Server 2003 DNS/AD server for the 2nd location, but you might consider pointing the DNS to the 1st location for the time being.
  •  
HardyE

Yes, the main DNS server for the domain is the SBS server in the main area.
In my bitmap file you can see that there is a 2nd DNS and AD server at the other place. This is a member server of the domain.
My first problem is how to configure the DNS server entries for the VPN tunnel. At the main place the DNS server is the SBS server. But WinRoute is the DNS for the Internet connection. For the VPN the SBS server must be the DNS, or not?

The second problem, which I don't understand, is: why must I set up an IP address and a subnet for the VPN tunnel?

I think I have to test some constellations in the next days.


Thanks for help
Hardy
  •  
RHarmsen.nl

You need to point your WinRoute DNS servers to a local Active Directory powered DNS system, and let those systems handle all DNS requests for the local domain and internet in order for all of your machines to be able to resolve the internal addresses.

I have no drawing tools available at the moment so can't give you a graphical representation.


For myself, I have made my WinRoute machines an AD+DNS+DHCP server, and disabled the WinRoute DNS+DHCP service.



The subnet and addresses are needed in order to route the traffic between the two locations.

Good luck

  •  
HardyE

Thanks!

Then it's normal that the VPN tunnel has its own IP address.
I will do it like this:
At both ends I will give the Kerio VPN settings the DNS server of the AD servers. At the main side the SBS and at the other side the member server. So it will work, hopefully.

What kind of settings must be at "Routing-Informations" in the VPN settings? Must the VPN tunnel have the same IPs? So like:
Main: 172.30.3.1 / 255.255.255.0
Other: 172.30.3.2 / 255.255.255.0

Is this correct?

Thanks
  •  
RHarmsen.nl

One of the WinRoute machines is actually a sort of "client" in VPN terms, so one of the VPN sides doesn't need to have IPs configured.

You'd better set them both to another subnet to avoid conflicts and routing issues.
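
Added illustration of the subnet conflict the last reply warns about (not code from the thread or from Kerio): a Python check that lists every pair of overlapping networks in a two-site addressing plan. The tunnel addresses are the ones proposed in the thread; the LAN ranges and the 172.30.4.0/24 alternative are assumed placeholders, since the thread does not state them.

```python
import ipaddress
from itertools import combinations

# Constructed plan. Tunnel addresses: as proposed in the thread.
# LAN ranges: assumed placeholders, not taken from the thread.
PLAN_PROPOSED = {
    "main LAN": "192.168.1.1/255.255.255.0",
    "main VPN": "172.30.3.1/255.255.255.0",
    "other LAN": "192.168.2.1/255.255.255.0",
    "other VPN": "172.30.3.2/255.255.255.0",
}
# Same plan with the second tunnel end moved to its own (assumed) subnet.
PLAN_SEPARATED = dict(PLAN_PROPOSED, **{"other VPN": "172.30.4.1/255.255.255.0"})


def find_overlaps(plan):
    """Return (name_a, name_b, shared_range) for every overlapping pair.

    Each value is an interface address in "ip/netmask" or "ip/prefix" form;
    the network it belongs to is derived from it before comparing.
    """
    nets = {name: ipaddress.ip_interface(spec).network
            for name, spec in plan.items()}
    conflicts = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            # The more specific network is the range both sides claim.
            shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
            conflicts.append((a, b, str(shared)))
    return conflicts


if __name__ == "__main__":
    for label, plan in (("proposed", PLAN_PROPOSED),
                        ("separated", PLAN_SEPARATED)):
        conflicts = find_overlaps(plan)
        if not conflicts:
            print(f"{label}: no overlapping subnets")
        for a, b, shared in conflicts:
            print(f"{label}: {a} and {b} both cover {shared}")
```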