I'm having some trouble setting up a site to site link between two schools and would be very grateful for any pointers as I'm a bit stuck.
SETUP: Firstly, both sites are on SWGFL and we've had the required IPsec ports opened at both ends. Cisco routers at both ends are managed by SWGFL.
We also have a pair of Cisco SA540 security appliances which have now been configured as a site-to-site link; this is up and running (states connection established at both ends).
Multiple 2008 R2 servers run as DCs at both sites (DHCP/DNS…); currently RRAS isn't running on any of the DCs.
QUESTION: How would I go about routing the correct traffic through the VPN so I can set up one site as a child domain? Am I correct in assuming adding a static route on the DCs could be the answer? My other thought at the moment is to put a change request in to SWGFL (ISP) and get them to add a new route into both routers. I'm a bit lost on this one though.
If there is a VPN, then there should be no need for SWGFL to make any changes to routers.
Site A: put a static route for Site B's IP range on the servers of Site A. The static route should be the Site A VPN device.
Site B: put a static route for Site A's IP range on the servers of Site B. The static route should be the Site B VPN device.
To confirm, on the DCs (or just the DC with the DNS server?) I'm adding a static route via CMD with -p to add it to the registry?
This will add a route, to send data destined for the remote IP range to the LAN address of the local VPN device. This in turn will pass only the traffic destined for the remote site over the VPN tunnel?
Yet again, thank you for getting back to my question so quickly. I've only just started working for a school so EduGeek is new to me!
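The static route discussed in the reply and follow-up above, written out for a Site A server as an added example that is not part of the original thread. Every address is a constructed placeholder (the thread gives none); a Site B server takes the mirror image, with Site A's range and the Site B VPN device.

```powershell
# Added example. Run from an elevated PowerShell prompt on a Site A server.
# All addresses below are constructed placeholders, not values from the thread.
$RemoteNet  = '10.2.0.0'      # Site B IP range (placeholder)
$RemoteMask = '255.255.0.0'   # Site B subnet mask (placeholder)
$VpnLanIp   = '10.1.0.254'    # LAN address of the Site A VPN device (placeholder)
$RemoteHost = '10.2.0.10'     # A Site B server to test against (placeholder)

# The next hop has to be reachable on the local LAN for the route to be usable.
# Some appliances drop ICMP, so this is a warning rather than a hard stop.
if (-not (Test-Connection -ComputerName $VpnLanIp -Count 2 -Quiet)) {
    Write-Warning "VPN device $VpnLanIp did not answer ping on the local LAN."
}

# Add the route only if the remote range is not already in the routing table.
$existing = route.exe print $RemoteNet | Select-String -SimpleMatch $RemoteNet
if (-not $existing) {
    # -p makes the route persistent (stored in the registry, survives a reboot).
    # Only the remote range is routed to the VPN device; the default gateway
    # for all other traffic is left untouched.
    route.exe -p add $RemoteNet mask $RemoteMask $VpnLanIp
}

# Show the entries for the remote range, including the "Persistent Routes" list.
route.exe print $RemoteNet

# The first hop towards Site B should now be the VPN device's LAN address.
tracert.exe -d -h 3 $RemoteHost
```

If the route was entered with the wrong range, `route.exe delete` followed by the destination removes it before it is added again.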
You also want to make sure that you sort out your AD Sites & Services so that it is aware of the subnets and what should be replicating where. Unless there is a specific need for a child domain or the link is really slow I would consider keeping just one domain.