How to Set Up 2 LANs to browse each other on a site to site

May 18, 2016 at 14:44:14
Specs: Windows 7
I have managed to set up 2 LANs (networks in 2 different offices 100 miles apart). Both of my ISPs are Comcast, with a static IP at each building. I have ZyXEL ZyWALL USG 50 for routers and they are running fine. I created a site-to-site VPN and they are connected.

I need to have the people from Site B log in to my Server 2012 R2 domain to be validated on Site A. I can ping across but am not able to browse... Any input?



#1
May 18, 2016 at 14:55:24
You are going to get very poor performance using a log-on server over a link like that. It would be far more sensible to have another DC in the remote office.


#2
May 19, 2016 at 08:29:25
Without more info I would suggest you use one subnet in both locations and then a VPN in between.

Are your devices VPN capable? If not, I would look at getting something else that is.

I couldn't agree with ijack more. You definitely want a DC in both sites to reduce the amount of data transfer between sites.

Assuming you have less than 200 people combined I would do something like:

Site A router:
LAN IP: 192.168.1.1
SM: 255.255.255.0
DHCP Enabled = Yes
DHCP Scope = 192.168.1.50 to 192.168.1.150
Client Default Gateway = 192.168.1.1


Site B router:
LAN IP: 192.168.1.2
SM: 255.255.255.0
DHCP Enabled = Yes
DHCP Scope = 192.168.1.151 to 192.168.1.245
Client DG = 192.168.1.2

This way all clients can communicate with all other clients/services in your network as they are all on the same subnet. The VPN gives you the intersite connectivity, and the different DGs ensure clients at each location only access the internet via the router in their location.

NOTE: This does not detail the VPN. This is not a "final" configuration but an example to show you the split DHCP scope. Final configuration is going to depend on what equipment you use.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#3
May 19, 2016 at 09:24:30
Yes, we have a server (2012 R2) on site for DC and that is the first thing I am trying to get promoted as soon as I can see the domain across the tunnel...

I am using: ZyXel Zywall USG 50 Router
Site to Site Tunnel IpSec VPN (Connected)

Site A Router:
LAN IP: 10.0.2.1
SM: 255.255.255.0
DHCP Enabled = Yes
DHCP Scope = 10.0.2.50 Pool Size 200
Client Default Gateway = 10.0.2.1

Site B router:
LAN IP: 10.0.1.1
SM: 255.255.255.0
DHCP Enabled = Yes
DHCP Scope = 10.0.1.50 Pool Size 200
Client Default Gateway = 10.0.1.1

We are planning a few more locations, a total of 10 of them, with around 75 users in each location, so I am trying to think ahead... Each location will have its own DC.

message edited by cnazario



#4
May 19, 2016 at 14:50:08
A dozen sites total is a lot different than two and would have been good to know at the outset. It would have saved me some typing..........lol :)

"as soon I can see the domain across the Tunnel"

You are aware that because the two sites are on different subnets, you're going to have to do some work on layer 3 in order to make them talk to each other?


#5
May 19, 2016 at 18:14:04
If you ping, are you using an IP address or a URL?
How is the DNS set up?

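Added example, not part of any poster's reply and not ZyXEL configuration: a Python check of the two addressing plans posted in replies #2 and #3, confirming that each DHCP pool fits its subnet and that sites either share one subnet without lease collisions or use prefixes that do not overlap and can be routed over the tunnel. The function names are hypothetical, and the split-scope pool sizes (101 and 95) are computed from the ranges in reply #2.

```python
import ipaddress
from itertools import combinations

# Constructed from values posted in the thread: (LAN IP, mask, first lease, pool size)
ROUTED_PLAN = {  # reply #3: one /24 per site, routed over the IPsec tunnel
    "Site A": ("10.0.2.1", "255.255.255.0", "10.0.2.50", 200),
    "Site B": ("10.0.1.1", "255.255.255.0", "10.0.1.50", 200),
}
SPLIT_SCOPE_PLAN = {  # reply #2: one shared /24 with the DHCP scope split per site
    "Site A": ("192.168.1.1", "255.255.255.0", "192.168.1.50", 101),
    "Site B": ("192.168.1.2", "255.255.255.0", "192.168.1.151", 95),
}


def parse_site(lan_ip, mask, pool_start, pool_size):
    """Return (gateway, subnet, first lease, last lease) as ipaddress objects."""
    iface = ipaddress.ip_interface(f"{lan_ip}/{mask}")
    first = ipaddress.ip_address(pool_start)
    return iface.ip, iface.network, first, first + (pool_size - 1)


def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    sites = {name: parse_site(*row) for name, row in plan.items()}
    for name, (gw, net, first, last) in sites.items():
        if first not in net or last not in net or last == net.broadcast_address:
            findings.append(f"{name}: DHCP pool {first}-{last} does not fit in {net}")
        if first <= gw <= last:
            findings.append(f"{name}: gateway {gw} is inside its own DHCP pool")
    for (a, sa), (b, sb) in combinations(sites.items(), 2):
        if sa[1] == sb[1]:
            # Shared subnet (reply #2): leases and router IPs must not collide.
            if sa[2] <= sb[3] and sb[2] <= sa[3]:
                findings.append(f"{a}/{b}: DHCP pools overlap on shared subnet {sa[1]}")
            if sa[0] == sb[0]:
                findings.append(f"{a}/{b}: both routers use {sa[0]}")
        elif sa[1].overlaps(sb[1]):
            # Routed tunnel (reply #3): overlapping prefixes cannot be routed.
            findings.append(f"{a}/{b}: subnets {sa[1]} and {sb[1]} overlap")
    return findings


if __name__ == "__main__":
    for label, plan in (("routed", ROUTED_PLAN), ("split scope", SPLIT_SCOPE_PLAN)):
        print(label, check_plan(plan) or "OK")
```

Adding the planned extra locations to either dictionary and re-running the check shows whether a new site's prefix or lease range collides with an existing one before the tunnel is built.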
