You may want to look at this thread. I was trying to accomplish the
same thing. However, I was doing this with Windows 2000, not 2003.
Hopefully things have changed.
David Cook wrote:
> Dee Lowndes wrote:
>> Sorry I should have said that only one Windows 2003 SBS server would be
>> in use and that would be located in the main office. Indeed to figure
>> out a way for both offices to be able to use that one server.
>> Ideas on a postcard please ;)
>> On Wed, 2006-02-01 at 07:04 -0600, MN wrote:
>>> Your Windows 2003 servers will have DNS, you can use this for the
>>> connectivity. Point your "fringe" office back at a DNS server at the
>>> office. As for DHCP, it may be more trouble than it is worth to get
> This should be possible. The key is using the hidden options in the
> config.xml file so that m0n0wall providing DHCP services on the remote
> network assigns the IP address of your SBS server as the primary DNS
> server for the remote clients. This will allow the remote clients to
> participate properly in Active Directory.
> If this is properly set up in combination with the site-site VPN, then
> there should be no need for WINS. If WINS is required (some legacy
> software fusses without it) then the IP address of your SBS server can
> be again assigned to the remote clients by DHCP and standard m0n0wall
> DHCP configuration options. See
> http://doc.m0n0.ch/handbook/faq-hiddenopts.html and the DHCP section
> on http://doc.m0n0.ch/handbook/config-services.html for details.
> A few observations.
> 1. You are going to need a small block of static IPs on each xDSL
> connection between the router and m0n0wall. The m0n0wall-m0n0wall VPN
> just won't work without the m0n0walls all having Internet IPs. A /30
> is ideal though if you have to use BT (avoid if at all possible) the
> minimum they generally supply is a /29.
> 2. Assuming that you are using MS Windows on your client PCs, this is
> all going to work much better and be easier to configure and
> troubleshoot without fighting with MS Win9x or WinME clients. If you
> have any of these left and were thinking about replacing them, now is
> the time!
> 3. Your SBS server does not need to do DHCP for the remote networks.
> You will cause yourself more work if you try, though it is possible
> using DHCP relay in m0n0wall. The key is that all PCs on the network
> are using your SBS server for DNS.
> 4. Minimise the amount of traffic that is passed between the server
> and remote clients at login and logoff. If you are using Group Policy
> for folder redirection on your main site then create Organisational
> Units for each remote site which has a policy with either the
> folder redirection disabled or pointing to a UNC path on the remote
> local network. The clients at the remote sites then need adding to the
> appropriate OU. This doesn't apply for MS Win9x clients.
> 5. MS Outlook as a client to MS Exchange does not play nicely across
> firewalls and VPNs. In our experience the packets generated by the RPC
> traffic between the client and server are just too big for anything
> other than a LAN. The solution is to use a combination of MS Outlook
> 2003 (licensed with your SBS CALs), MS Windows XP Pro SP2 and
> configure Outlook RPC over HTTP (or better HTTPS).
> This works really well and in addition to giving everybody the full
> functionality of MS Outlook and Exchange; avoids the hell of PSTs,
> POP3/IMAP connections to Exchange mailboxes and other nastiness. If
> you have Exchange SP2 installed then this is a matter of clicking a
> few options in Exchange Administrator, manually configuring two
> registry entries and changing a couple of options in IIS. I believe we
> have a hint-sheet for this somewhere; email me if you want it. Traffic
> across the WAN between Exchange and the Outlook clients can be
> minimised by using the default Cached Exchange Mode in Outlook.
> Best regards