Join domain from remote and VPN setup

[Jack]

Our future Exchange server is colocating in a remote hosting site. In order
to share the AD user accounts in HQ's DC, I understand I need to setup VPN
between the remote new server and HQ, have the new server join domain and
promote it to be a DC, and install Exchange that is integrated with AD
(please correct me if I'm wrong). I'm planning to use Win2k RRAS to setup
the VPN. I have the following questions about the setup:
1) Do I setup Gateway to Gateway VPN or Client to Gateway VPN? The only
purpose of this VPN is for the HQ's DC replicate AD to the remote DC.
2) The HQ uses a basic Linksys dsl router. It has one public ip and can
forward ports to different computers on the private LAN. Win2k RRAS requires
2 NICs for a VPN setup. One for our internal 192.168.1 network and one for
the Internet. In my case, do I just need one NIC and forward the necessary
ports from Linksys to this NIC's private ip address? If two NICs are
required, will the 2nd NIC still hold a private ip for Linksys is holding
the public ip address and forward ports to private ips? Please advise.

Thanks,
-jack

 

[Brian Desmond [MVP]]

Hi Jack,

I would recommend that you do the DC install & Exchange setup onsite, before
you move the machine to the colo facility. This will make things go a lot
quicker.

RRAS should work. You can use the MS Loopback adapter to emulate the second
NIC, if you like. I don't know offhand what ports you need to forward, this
is not something I dabble in much, but, it's a common problem. You would
honestly have an easier go of it if you picked up a Linksys VPN router for
either end. I believe they're <$100, and they'll handle all the VPN stuff
and offload it from the servers. A lot easier to configure as well.

--
--
Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us

Http://www.briandesmond.com