skp (Posted January 7, 2003)

I am trying to connect a couple of networks over the internet. There is a main network that uses an NT 4.0 domain server. There are two other networks that are just set up as workgroups in different locations. I would like for all the computers to be able to see each other like they are connected to the same workgroup. Can somebody tell me how to set this up or give me a place where I could find the info on how to do this?

harrytoole (Posted January 7, 2003)

Do you mean connect over the internet or a WAN line? Connecting over the internet is a no-no.

DS3Circuit (Posted January 7, 2003)

Just a quick note. If you are working with primarily NT 4 servers (from what I have read) ... then create trusts and create PPTP VPN connections using RRAS found in the OPTION PACK. That will allow secure connections for your networks with the internet used as the medium. VERY ROUGH EXPLANATION.

Workgroups would be FAR easier to manage remotely if in a Domain security context. Principle is the same ... one machine seen as the bridgehead/proxy server. Quite an enormous topic with numerous possibilities, combinations, and outcomes.

IMHO, I would give US a lot more details to your setup so that the talented crew of NTcompatible could help you.

www.labmice.net
www.microsoft.com/technet

felix (Posted January 7, 2003)

You could investigate the possibility of VPN using IPSec.

skp (Posted January 7, 2003)

Here is more info on how the network is set up. In the 3 locations almost all of the computers are running Win98. There are a couple of computers running XP and 2000. Each location is connected to the computer using a DSL router.

One location has the NT 4.0 server running with a domain server. There are computers that log in to the domain and some that just connect to the workgroup. This is the main location.

The second location is set up with a server but the computers are just connected using a workgroup.

The third location is just a peer2peer network using a workgroup. (Would I need to set up another server for this location?)

I am really just looking for the simplest ways to connect the 3 locations with enough security for outside people not being able to easily get access to the network. I will look at VPN. Thanks for the help.

skp (Posted January 7, 2003)

I've been reading about setting up a VPN server but I was wondering if it is possible to do this using a Linksys router. Would I need to forward the VPN requests to the server somehow?

DS3Circuit (Posted January 7, 2003)

Well, here's a link for 2000 and NT (towards the bottom) on configuring VPN access. I would suggest reading those whitepapers. And from what I gather through your posts, these are my suggestions.

http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp
http://www.tek-tips.com/gviewthread.cfm/lev2/5/lev3/34/pid/463/qid/326646
http://www.wown.com/j_helmig/vpn.htm

1. If the 2 satellite sites just need to share resources with the domain, then all you need is to open PPTP (using NT as your RRAS) ports 1723 and Generic Routing Encapsulation.... GRE 47... on your DSL routers ... though most SOHO routers perform this rather poorly (get the latest firmware). Also install RRAS from the Option Pack on one of your NT DCs, unless of course you got a Win2k server that can handle RRAS.
2. If all 3 sites need to share resources equally then I suggest putting in a RADIUS server in each site to authenticate users who log in through PPTP.
3. I don't recommend using L2TP with IPSEC since NAT breaks this (correct me if I am mistaken) and since you have said your domain is NT 4 based. Though you may use L2TP/PPP.

Clutch and APK please critique or add more info he might need. I am in the middle of cursing at some Dell PERC3 drivers.

clutch (Posted January 7, 2003)

LOL, I'll take a peek at the info, but you have been very accurate with everything else you have posted that I don't think there will be an issue. However, I wanted to say that I was doing the same thing about my PERC3 controller in my Dell workstation at work, but I found out that the current distro of Gentoo supported the controller at boot, and it made my life much easier.

Now on a real quick overview of your points:

1. Sounds familiar (been a while since I had to set up our W2K VPN) but I do remember having to manually enable GRE support on our Cisco PIX.
2. Yep, although another way would be to use a W2K server that can route on demand to the VPN connection (I haven't had to do this, but it's similar to what you said in authentication and transparent to the user).
3. I have seen many consumer-grade gateways now supporting IPSec, including my Linksys BEFSR-41. I haven't had a need to work with it that much outside of a lab though.

DS3Circuit (Posted January 8, 2003)

Been trying to get a Windows 2000 installation to install the latest PERC3 driver without the hardware being there .... basically trying to move an entire hard drive image to dissimilar hardware .... Ugh! ... basically I am playing janitor and cleaning up.

PPTP is pretty decent for most applicable needs. GRE 47 carries the payload and port 1723 does the authentication. That GRE 47 is actually a protocol ID and not a port number, for any I have confused.

And yes, clutch is correct, there is IPSEC NAT traversal which allows it to pass through NAT as seen here ...

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0802.asp

So there ya go, another option for you to play with.

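The distinction drawn above between TCP port 1723 and IP protocol 47, as an added example that is not part of the original thread: a small classifier showing where each value sits in a packet, and why a router rule for "port 47" does not pass GRE. The packets and addresses are constructed sample data, and the function names are hypothetical.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47   # values of the IPv4 header "protocol" field
PPTP_CONTROL_PORT = 1723           # TCP port of the PPTP control connection
GRE_PROTO_PPP = 0x880B             # GRE protocol type used by PPTP (RFC 2637)

def ipv4(proto, payload):
    """Prepend a minimal 20-byte IPv4 header (constructed data, checksum 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return hdr + payload

def classify(packet):
    """Say which part of a PPTP session, if any, an IPv4 packet belongs to."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4       # IP header length in bytes
    proto = packet[9]                  # protocol ID: a field of the IP header
    body = packet[ihl:]
    if len(body) < 4:
        return "truncated"
    first, second = struct.unpack("!HH", body[:4])
    if proto == IPPROTO_GRE:           # GRE has no ports at all
        # PPTP uses enhanced GRE: version 1, protocol type 0x880B
        if (first & 0x0007) == 1 and second == GRE_PROTO_PPP:
            return "pptp-data"
        return "gre-other"
    if proto == IPPROTO_TCP:           # ports exist only inside TCP/UDP
        if PPTP_CONTROL_PORT in (first, second):
            return "pptp-control"
        return "tcp-other"
    return "other"

def constructed_samples():
    """Three constructed packets: control channel, tunnel data, TCP 'port 47'."""
    def tcp(dport):
        return struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    gre = struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 0, 1, 0)
    return {
        "control": ipv4(IPPROTO_TCP, tcp(PPTP_CONTROL_PORT)),
        "tunnel": ipv4(IPPROTO_GRE, gre),
        "tcp_port_47": ipv4(IPPROTO_TCP, tcp(47)),
    }

if __name__ == "__main__":
    for name, pkt in constructed_samples().items():
        print(f"{name:12s} -> {classify(pkt)}")
```

A firewall or SOHO router therefore needs two separate allowances for PPTP: a TCP rule for 1723 and a protocol-level rule (often labelled "PPTP pass-through") for GRE.
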
skp (Posted January 10, 2003)

Thank you for the suggestions. I am looking into them.