SBS 2000 to SBS 2003 through VPN

[Guest]

I have SBS 2000 in office A and SBS 2003 in office B.
Both offices connected to the Internet by ADSL 1204kb.

Office A have Real IP address on SBS 2000 Server, clients of Office A
connected through ISA 2000. Exchange 2000 are used by office A. Local subnet
is 10.46.0.X

Office B will also have real IP adress on SBS 2003 Server and clients of
Office B will also be connected through its ISA 2000. Local subnet will be
192.168.0.X.

Both SBS have domain name <A.local> and <B.local>.

SBS’s can’t be in trusted relationship by definition. I have two identical
list of users and passwords on each SBS. It is not a tragedy because I have
only 15 users.


My tasks are:

Allow users of office B to see servers in diferent domain A and work with
files on servers of office A and wice versa.
Allow ODBC connection from office B to SQL server on office A.
Work with remote desktop from office B to the internal PC’s of office A.
Work with Outlook from office B with Exchange 2000 in office A.

How to solve this task the most optimal way?
In What order (what is the first, what is the next)?

Will be glad to any suggestions!!!

P.S.

Now I have tested VPN clint –to –server access, .
In KB article 320697 “How to: Turn On and Configure Inbound VPN Access in
Small Business Server 2000â€. Everething work fine, but every user must login
to remote net - it is not secure.
I need solution on server to server level.

In KB article 303503. “How to join or Access an Internal Domain from an
External Client Using ISA Server and VPN.†Used ISA to ISA configuration. Is
it enough to resolve my tasks? What about WINS configuration and another
services?
I can’t test it right now. I don’t know is it works with local domains
<x.local>?

 

[Robert L [MS-MVP]]

I am not sure the issue. I would use TS or RDC as you mentioned remote desktop.

For more and other information, go to http://howtonetworking.com.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
I recommend Brinkster for web hosting!

I have SBS 2000 in office A and SBS 2003 in office B.
Both offices connected to the Internet by ADSL 1204kb.

Office A have Real IP address on SBS 2000 Server, clients of Office A
connected through ISA 2000. Exchange 2000 are used by office A. Local subnet
is 10.46.0.X

Office B will also have real IP adress on SBS 2003 Server and clients of
Office B will also be connected through its ISA 2000. Local subnet will be
192.168.0.X.

Both SBS have domain name <A.local> and <B.local>.

SBS’s can’t be in trusted relationship by definition. I have two identical
list of users and passwords on each SBS. It is not a tragedy because I have
only 15 users.


My tasks are:

Allow users of office B to see servers in diferent domain A and work with
files on servers of office A and wice versa.
Allow ODBC connection from office B to SQL server on office A.
Work with remote desktop from office B to the internal PC’s of office A.
Work with Outlook from office B with Exchange 2000 in office A.

How to solve this task the most optimal way?
In What order (what is the first, what is the next)?

Will be glad to any suggestions!!!

P.S.

Now I have tested VPN clint –to –server access, .
In KB article 320697 “How to: Turn On and Configure Inbound VPN Access in
Small Business Server 2000â€. Everething work fine, but every user must login
to remote net - it is not secure.
I need solution on server to server level.

In KB article 303503. “How to join or Access an Internal Domain from an
External Client Using ISA Server and VPN.†Used ISA to ISA configuration. Is
it enough to resolve my tasks? What about WINS configuration and another
services?
I can’t test it right now. I don’t know is it works with local domains
<x.local>?

 

[Guest]

Thank you Robert!

I use TS and RDC for some reason, but it is not not enough.
I have two TS sessions on SBS. But I can't install two additional Terminal
Servers for all users.

My task is to connect to the remote NET and use files, ODBC,
Otlook/Exchange(not OWA). One of my program is on NET A and use SQL server
on net B through ODBC.
It is work fine in client-server VPN. But in client server VPN I can open
only 4 VPN sessions simultaneously from NET A. I dont know why.I have added
ports on RAS, but it is not help. Is is not enough for all users on NET A.
And every user on NET A should log on two the remote NET B. It is not secure.
There are should be decision on server to server software VPN.


Robert

 

[Guest]

Thank you Robert!

Of cource I use TS and PDC for some reason, but it is not enough.
I can't allow two new Terminal Servers on every NET.
I also need Excahnge/Outlook(not OWA) and ODBC connection.
One of my program in NET A use ODBC to connect to the SQL server on NET B.
In client server VPN everything work fine, but (I don't know why) there may
be only 4 client-server VPN connection from net A, to the NET B
simultaneously. I added VPN ports on the RAS server but it is not help. And
in clien-server VPN every user In net A should logon to net B. It is not
sutable and secure. The should be decision on NET to NET (Server to server)
VPN.

 

[Guest]

The problem was resolved when I change from ADLS NAT to ISA 2000 Firewall.

One my Local network Server 2000 have ISA 2000 and real IP.
Remote network have Server 2003 and have ADSL NAT (but for Clients PCs I
use DHCP on my Server 2003, not DHCP on ADSL modem). Server 2003 had not real
IP.


Users on Remote network can establish only one Client-to-Site connection to
the Local network simultaneously.

When I ask my ISP by phone to switch off ADLS NAT and switch it on as
ADSL Router and I get Real IP for my Server 2003. Of couse before connecting
Server to Internet I install ISA SP2 on Server 2003 for security and net
antivirus reason. And reconfigure DHCP router from ADSL to Server 2003
internal address.
After this every User of Remote network can establish Client-to-Site
connection to Local network simultaneously with other Users due to ISA 2000.
Of course my Local network Server 2000 was configured as VPN server with
128 ports. And ISA was configured to allow PPTP trafic. I do it by running
wizards – ISA management->Nework configuration-(right mouse click) ->Allow
VPN Client Connections. This made PPTP filters.

Client-to-Site connections easy established from Client PCs :
Start->Setings->Network connections In this window File->New Connection and
select in wizard points with word “VPNâ€
Then enter IP address Server of server on another network.


Of course Guru will say that I must do Site-to-Site connection. I try It
three times and have a lot of problems. May be this problems due to Server
2003 to Server 2000 connection .For example clients of remote network can’t
see clients of Local network. For example if I have internal SQL server in
Local network - it is not accessible from Remote network clients ODBCs. There
was problems with Outlook/Exchange also.

In Client-to-Site model there are no such problems at all. The advantage is
every user can see how bites receive and sends (blue screen icon in right
bottom Conner). And If connection is slow – he can reconnect it. But if you
use Site-to-Site model and have slow connection (for example ADSL ISP in
Remote Network is different from ADSL ISP on Local network), the User can’t
see anything and can’t understand what is the reason why it so slow.


Of couse Client-to-Site is not standard decision for connecting two NETs,
but it’s working when you need extensible network services.