 From:  "Bryan K. Brayton" <bryan at sonicburst dot net>
 To:  "Chuck Mariotti" <cmariotti at xunity dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Win2k3 Network splitting... one AD Forest, but with some servers off site. Suggestions for Mono?
 Date:  Mon, 28 Aug 2006 16:03:46 -0400
A site-to-site VPN is probably the most traditional way to go, but if you didn't want to go that
route, you could always try to do domain isolation via IPsec policies.  See
http://www.microsoft.com/technet/itsolutions/msit/security/ipsecdomisolwp.mspx for more on that.
There are pros and cons with domain isolation with IPsec policies; most notable are the fact that
it can be much more complex to set up, depending on the number of servers/clients/etc., and that it
doesn't play too well with NAT.  The latter can be overcome with NAT-T, but I don't know where
m0n0's support for that is yet.  I think I may have seen that someone enabled that in the kernel in
one of the beta builds, but don't remember for sure.
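The reply's point that IPsec "doesn't play too well with NAT" and that NAT-T fixes it can be shown with a small model. The block below is an added example written for this archive page; it is not m0n0wall code and not from either poster. It uses AH (protocol 51) because AH's integrity check value explicitly covers the source and destination addresses, so a NAT rewriting the outer source address invalidates it, whereas a NAT-T packet (RFC 3948, ESP carried inside UDP port 4500) only authenticates the inner payload, so the NAT may rewrite the outer header and UDP port freely. The key, addresses and payload are constructed, and the ICV is a truncated HMAC-SHA-256 standing in for whatever algorithm a real policy negotiates. Real ESP without NAT-T fails for a related reason the model does not show: it has no port numbers for the NAT to map connections on.

```python
import hashlib
import hmac
import socket
import struct

# Constructed shared key for both IPsec endpoints (demo value, not from the thread).
KEY = b"constructed-demo-key"
ICV_LEN = 12  # IPsec truncates the HMAC to 96 bits; we mimic that


def ipv4_header(src: str, dst: str, proto: int) -> bytes:
    """Minimal 20-byte IPv4 header; only proto, src and dst matter for the model."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def nat_rewrite(hdr: bytes, new_src: str) -> bytes:
    """What the NAT does on egress: replace the source address (bytes 12..15)."""
    return hdr[:12] + socket.inet_aton(new_src) + hdr[16:]


def nat_rewrite_udp(udp: bytes, new_sport: int) -> bytes:
    """A NAT also rewrites the UDP source port when it maps the flow."""
    return struct.pack("!H", new_sport) + udp[2:]


def ah_packet(src: str, dst: str, payload: bytes):
    """AH: the ICV is computed over the IP header (addresses included) plus payload."""
    hdr = ipv4_header(src, dst, 51)  # protocol 51 = AH
    icv = hmac.new(KEY, hdr + payload, hashlib.sha256).digest()[:ICV_LEN]
    return hdr, payload, icv


def verify_ah(hdr: bytes, payload: bytes, icv: bytes) -> bool:
    expected = hmac.new(KEY, hdr + payload, hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(expected, icv)


def natt_packet(src: str, dst: str, payload: bytes):
    """NAT-T: ESP inside UDP/4500; the ICV covers only the ESP payload, not the outer header."""
    hdr = ipv4_header(src, dst, 17)  # protocol 17 = UDP
    udp = struct.pack("!HHHH", 4500, 4500, 0, 0)  # sport, dport, length, checksum (unused here)
    icv = hmac.new(KEY, payload, hashlib.sha256).digest()[:ICV_LEN]
    return hdr, udp, payload, icv


def verify_natt(hdr: bytes, udp: bytes, payload: bytes, icv: bytes) -> bool:
    # Outer IP header and UDP ports are deliberately not part of the check.
    expected = hmac.new(KEY, payload, hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(expected, icv)


def demo() -> dict:
    """Send the same payload from a private address through a NAT both ways."""
    payload = b"constructed AD replication traffic"

    # AH: verifies end-to-end without NAT, fails once the NAT rewrites the source address.
    hdr, p, icv = ah_packet("192.168.1.10", "203.0.113.5", payload)
    ah_direct = verify_ah(hdr, p, icv)
    ah_via_nat = verify_ah(nat_rewrite(hdr, "198.51.100.1"), p, icv)

    # NAT-T: the NAT may rewrite address and port; the receiver still verifies the payload.
    hdr2, udp, p2, icv2 = natt_packet("192.168.1.10", "203.0.113.5", payload)
    natt_via_nat = verify_natt(nat_rewrite(hdr2, "198.51.100.1"),
                               nat_rewrite_udp(udp, 40001), p2, icv2)

    return {"ah_direct": ah_direct, "ah_via_nat": ah_via_nat, "natt_via_nat": natt_via_nat}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` gives `ah_direct` true, `ah_via_nat` false and `natt_via_nat` true, which is the practical reason a site-to-site tunnel terminated on the firewall itself (where no NAT sits between the IPsec peers) is the simpler deployment, and why the NAT-T kernel support mentioned above matters if the peers are behind NAT.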


From: Chuck Mariotti [mailto:cmariotti at xunity dot com]
Sent: Mon 8/28/2006 2:48 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Win2k3 Network splitting... one AD Forest, but with some servers off site.
Suggestions for Mono?

I currently have everything in house, web server hosting, exchange
servers, CRM, VoIP Trixbox, etc...

I have run into some major bandwidth problems and have decided that
taking most of these bandwidth sucking applications off site and putting
them into a hosted cage (with 32 IP address) would be the best. I have
to pay for bandwidth usage, etc...

At the moment, everything is sitting behind a monowall firewall. Very
straightforward and great.

I plan on physically splitting my Win2k3 network up so that some parts
stay on the old site and others are moved to the new site (Two AD
servers, one at each location).

I would still like to be able to build and add machines to the Win2k3
domain at the old site and have that information sync out to the new
site. It would also be nice to still be "part of the network
neighbourhood" so that machines can see each other, and browse shares,
etc... I guess I have to worry about bandwidth usage, do not want
useless traffic back and forth.

Can anyone suggest an effective, straightforward way of doing this?
(since every 1u rack space costs me money, bandwidth costs me money and
I'd rather not make a large investment in hardware if I can avoid it).

I have an old Linksys BEFVP41 ... No clue how to use it or if it can be

I am guessing that a networked VPN Connection (maybe this old Linksys)
from the old site to the new site might be best. But I do not know if
this is the best way or where to start looking.

Any suggestions would be appreciated.



To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch