Running RRAS with AD


Guest

I want to set up a separate development domain. I plan to use a box that we
have as a router between the main LAN and the new dev one as I am told that
they need to be segregated. I am planning to use RRAS on the box but was also
wondering whether I could install AD (for the dev domain) on the same box as
it will only be routing a small volume of traffic between the networks. Are
there any reasons why it would not be a good idea to do this?
 

Robert L [MS-MVP]

Enabling RRAS in a DC may cause name resolution or connectivity issues. But for testing and troubleshooting purposes, I always do that. It should work if you have the correct configuration. This link may help:

Name resolution on VPN Connection issues on DC, ISA, DNS and WINS server as VPN server How to assign DNS and WINS on VPN client manually Name resolution Issue in a VPN client ...
www.chicagotech.net/nameresolutionpnvpn.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 

Bill Grant

If you configure the RRAS box as a NAT router it should isolate the test
domain from the production domain. The test domain will be able to get to
the existing LAN and the Internet using NAT, but the existing LAN will not
be able to see the test domain (because it is on the public side of the NAT
router). As Robert said, don't even think of using a DC as the router. A
standalone server running as a dedicated router is best.

It doesn't need a powerful machine. Anything that will run W2k can do
the job. I have a standalone W2k RRAS router running under VPC to connect a
"virtual" LAN to a physical LAN and it works fine. AD runs on the virtual
LAN in its own subnet. All you need to do is set the DNS in the test LAN to
forward to a public DNS. Don't use the RRAS router as a DNS proxy as AD
clients (and the DC itself) need to use the local DNS.
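
The layout described in Bill Grant's reply, sketched as commands. This is an added example, not part of any post in the thread. It assumes RRAS is already enabled on the standalone router and that `dnscmd` (Support Tools) is available on the dev DC; the interface names and all IP addresses are constructed placeholders.

```batch
@echo off
rem Added example. Interface names and addresses are placeholders.

rem === Part 1: run on the standalone RRAS router (not a DC) ===
rem "Production LAN" = NIC on the existing LAN (public side of the NAT)
rem "Dev LAN"        = NIC on the new dev subnet (private side of the NAT)
netsh routing ip nat install
netsh routing ip nat add interface name="Production LAN" mode=full
netsh routing ip nat add interface name="Dev LAN" mode=private

rem Review the NAT interfaces. With no inbound mappings defined on the
rem public interface, hosts on the existing LAN cannot open connections
rem into the dev subnet, which is the isolation the thread asks for.
netsh routing ip nat show interface

rem Leave the router's DNS proxy (name resolution) option off, so dev
rem machines never use the router for DNS.

rem === Part 2: run on the dev domain controller (AD plus DNS) ===
rem The DC uses its own DNS service. 10.10.0.10 stands for the DC's
rem own address on the dev subnet.
netsh interface ip set dns name="Local Area Connection" source=static addr=10.10.0.10

rem Forward names the dev zone cannot answer to an outside resolver.
rem 192.0.2.53 stands for the public DNS server you choose.
dnscmd /ResetForwarders 192.0.2.53

rem Dev clients get 10.10.0.10 as their only DNS server (statically or
rem through the DHCP scope) and the router's dev-side address as their
rem default gateway.
```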
 
