Jump to content
Compatible Support Forums
Sign in to follow this  
skp

Connect networks over internet

Recommended Posts

I am trying to connect a couple of networks over the internet. There is a main network that uses a NT 4.0 domain server. There are two other networks that are just setup as workgroups in different locations. I would like for all the computers to be able to see each other like they are connected to the same workgroup. Can somebody tell me how to set this up or give me a place where I could find the info on how to do this?

Share this post


Link to post

Just a quick note.

 

If you are working with primarily NT 4 servers (from what I have read) ... then create trusts and create PPTN VPN Connections using RRAS found in the OPTION PACK. That will allow secure connections for your networks with the internet used as the medium. VERY ROUGH EXPLANATION.

 

Workgroups would be FAR easier to manage remotely if in a Domain security context. Principle is the same ... one machine seen as the bridgehead/proxy server.

 

Quite an enourmous topic with numerous possibilities, combinations, and outcomes. IMHO, I would give US a lot more details to your setup so that the talented crew of NTcompatible could help you.

 

www.labmice.net

www.microsoft.com/technet

Share this post


Link to post

Here is more info on how the network is setup..

In the 3 locations almost all of the computer are running win98. There are a couple computers running XP and 2000. Each location is connected to the computer using a DSL router.

One location has the NT 4.0 server running with a domain server. There are computers that log in to the domain and some that just connect to the workgroup. This is the main location.

The second location is setup with a server but the computers are just connected using a workgroup.

The third location is just a peer2peer network using a workgroup. (Would I need to setup another server for this location?)

I am really just looking for the simplest ways to connect the 3 locations with enough security for outside people not being able to easily get access to the network.

I will look at VPN. Thanks for the help.

Share this post


Link to post

I've been reading about setting up a VPN server but I was wondering if it is possible to do this using a linksys router. Would I need to forward the VPN requests to the server somehow?

Share this post


Link to post

Well heres a link for 2000 and NT (towards the bottom) on configuring VPN access. I would suggest in reading those whitepapers. And from what I gather through your posts, these are my suggestions.

 

http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp

 

http://www.tek-tips.com/gviewthread.cfm/lev2/5/lev3/34/pid/463/qid/326646

 

http://www.wown.com/j_helmig/vpn.htm

 

1. If the 2 satellite sites just need to share resources with the domain, then all you need is to open PPTP (using NT as your RRAS) ports 1723 and Generic Routing Encapsulation.... GRE 47... on your DSL routers ... though most SOHO routers perform this rather poorly (get the latest firmware. Also install RRAS from the Option Pack on one of your NT DCs, unless of course you got a Win2k server that can handle RRAS.

 

2. If all 3 sites need to share resources equally then I suggest putting in a Radius server in each site to authenticate users who log in through PPTP.

 

3. I dont recommend using L2TP with IPSEC since NAT breaks this (correct me if I am mistaken) and since you have said your domain is NT 4 based. Though you may use L2TP/PPP.

 

Clutch and APK please critique or add more info he might need. I am in the middle of cursing at some dell perc3 drivers laugh

Share this post


Link to post

LOL, I'll take a peek at the info, but you have been very accurate with everything else you have posted that I don't think there will be an issue. However, I wanted to say that I was doing the same thing about my PERC3 controller in my Dell workstation at work, but I found out that the current distro of Gentoo supported the controller at boot, and it made my life much easier.

 

Now on a real quick overview of your points:

 

1. Sounds familiar (been a while since I had to setup our W2K VPN) but I do remember having to manually enable GRE support on our Cisco PIX

 

2. Yep, although another way would be to use w2k server that can route on demand to the VPN connection (I haven't had to do this, but it's similar to what you said in authentication and transparent to the user).

 

3. I have seen many consumer-grade gateways now supporting IPSec, including my Linksys BEFSR-41. I haven't had a need to work with it that much outside of a lab though.

Share this post


Link to post

Been trying to get a windows 2000 installation to install the latest perc3 driver without the hardware being there .... basically trying to move an entire hard drive image to dissimilar hardware .... Ugh! ... basically I am playing janitor and cleaning up.

 

PPTP is is pretty decent for most applicable needs. GRE 47 carries the payload and port 1723 does the authentication. That GRE 47 is actually protocol ID and not a port number for any I have confused.

 

And yes, clutch is correct, there is IPSEC NAT transversal which allows it to pass through NAT as seen here ...

 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0802.asp

 

So there ya go, another option for you to play with.

Share this post


Link to post

Thank you for the suggestions. I am looking into them.

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×