VPN Tunnel

Discussion in 'Server Networking' started by Robert Craig, Nov 16, 2008.

  1. Robert Craig

    Robert Craig Guest

    Hello. This is my current setup. Main office has several servers (usual
    web, ftp, exchange, dns) which is using an RV042 router for the network. At
    the remote office, I have a Netgear FVS318v3 router that is maintaining the
    VPN tunnel back to the main office. I can't narrow down the problem. I
    can't get Group Policy to update through the VPN. I have tried everything
    from adjusting the slow connections setting in GP editor to manually forcing
    a gp update on the remote machines. Does anyone or has anyone ever heard of
    this router or the Netgear blocking traffic, such as GP updates? Or does
    anyone have any ideas? Thanks!

    Robert Craig, Nov 16, 2008

  2. James Yeomans BSc, MCSE, Nov 16, 2008

  3. Robert Craig

    Robert Craig Guest

    I've been through this article before. Here is what I have.

    Main Office
    10mb/10mb connection

    Remote Office
    6mb/768k connection

    I had the GP slow link detection set at 512k. It obviously wasn't working.
    I just bumped it down to 300k. If that doesn't work, I guess I could set it
    at 128k and see what happens. I don't know what else to do. GP policy
    processing worked great when I had the two locations connected via two RRAS
    boxes, but I read it was extremely slow and so I switched to VPN routers.
    Is there anything else I need to look for? Just out of curiosity, do I need
    to enable WINS? I've read it doesn't apply for XP machines, but just
    curious if that would help.

    Robert Craig, Nov 16, 2008
  4. Robert Craig

    Robert Craig Guest

    Also, I have a laptop sitting here beside me that has been connected via PPTP
    connection (built in XP VPN connector) all day. It doesn't even have the
    revised GP settings I did a couple of days ago. It's almost like the
    Linksys RV042 won't allow gp processing. I don't get it. I'm tempted to go
    back to RRAS, but really don't want to.

    Robert Craig, Nov 16, 2008
  5. Robert Craig

    Robert Craig Guest

    OK, I might end up doing that. What other things can you think of? The
    thought is in the back of my head that I have something configured wrong.
    Also, if I put a DC in the office, would I still be able to use the VPN
    tunnel or would I have to use the VPN tunnel in conjunction with RRAS on the
    remote office server?

    Robert Craig, Nov 17, 2008
  6. Bill Grant

    Bill Grant Guest

    How would having a DC in the remote site have any effect on what sort
    of VPN connection you use?

    A site to site VPN is a routing setup. It moves traffic from one site to
    the other by tunnelling the traffic through the Internet. What happens at
    this level is of no interest to AD.
    Bill Grant, Nov 17, 2008
  7. Robert Craig

    Robert Craig Guest

    OK, I understand. Let me ask you this. I've considered switching back to
    Small Business Server 2003, but upgrade to Premium so I can utilize ISA
    2004. If I did this at the main site (man, what a pain to do that), could I
    install ISA 2004 on a standalone server at the remote site and have ISA hold
    the tunnel for me? I'm not sure if this would improve things or I would run
    into the same problem.

    Robert Craig, Nov 17, 2008
  8. Bill Grant

    Bill Grant Guest

    That would probably work, but why would you want to do that if you have a
    working site to site VPN using dedicated routers? There is no reason to use
    a DC as a router if you already have a working solution (even if the DC is

    Routing and AD are independent and there is no reason I can think of to
    combine them.
    Bill Grant, Nov 17, 2008
  9. Robert Craig

    Robert Craig Guest

    OK, I think that's what I will do. I will install a domain controller on an
    old box at the remote site. It will obviously be a secondary DNS server. I
    will change all the remote machines to use the new box as their DNS servers.
    Your bandwidth comment makes a lot of sense. Maybe that's the problem.
    I'll give it a shot and see what happens. If not, worst case scenario, I
    will use RRAS, which never produced the problem. Thanks guys!

    Robert Craig, Nov 17, 2008
  10. Robert Craig

    Robert Craig Guest

    Well, from what I've read, the PC based router takes longer and more
    processing power to encode the traffic, and then decode it. Whereas a
    hardware router is designed to do it without sacrificing power from other

    Robert Craig, Nov 17, 2008
  11. Bill Grant

    Bill Grant Guest

    Also look at making a secondary zone in each DNS for the "other" site.
    Then the local DNS can resolve names for either site. And Sites and Services
    is worth looking at.
    Bill Grant, Nov 17, 2008
  12. Robert Craig

    Robert Craig Guest

    OK, this is what I did. I installed a DC at the remote site with DNS. As
    it stands, the DNS at the main office is primary for all zones (including
    Reverse Lookup), so I left it that way. When I installed DNS on the new
    box, all zones automatically replicated over. I also created a second site
    for the remote office (in Sites and Services) and attached the new box, as
    well as the appropriate subnet to the new site. I put in the box earlier
    this evening. For giggles, I logged in one of the computers and I already
    saw some of the changes I implemented a week ago in Group Policy. It took
    some tweaking to get the replication to function correctly, but I think I've
    solved my issue. Now I will just monitor the event viewer to see what red
    flags come up every day or two until I'm satisfied. Any pointers on Sites
    and Services? I created a new site, attached the new server and the other
    subnet, created a site link, and bridged them. Anything else?

    Robert Craig, Nov 18, 2008
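
An added example, not part of the thread: a check of the subnet-to-site mapping described in the post above, where each client lands in the site whose most specific subnet object contains its address. The subnets, site names and client addresses are constructed, since the thread gives none.

```python
import ipaddress

# Constructed sample data (assumption): subnet objects as they might appear
# in Sites and Services, mapped to the site each one is attached to.
SITE_SUBNETS = {
    "192.168.1.0/24": "Main-Office",
    "192.168.2.0/24": "Remote-Office",
    "192.168.0.0/16": "Main-Office",  # catch-all supernet
}

# Constructed client list for the remote office (assumption).
REMOTE_CLIENTS = {
    "remote-pc1": "192.168.2.25",
    "remote-laptop": "192.168.3.40",  # range never added as a subnet object
    "remote-vpn": "10.8.0.12",        # no subnet object covers this at all
}


def site_for(ip, subnets=SITE_SUBNETS):
    """Return (site, subnet) for the most specific subnet containing ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        # Longest prefix wins when several subnet objects contain the address.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return (best[1], str(best[0])) if best else (None, None)


def audit(clients, expected_site, subnets=SITE_SUBNETS):
    """Return the clients that would not be placed in expected_site."""
    problems = {}
    for name, ip in clients.items():
        site, cidr = site_for(ip, subnets)
        if site != expected_site:
            problems[name] = (ip, site, cidr)
    return problems


if __name__ == "__main__":
    for name, (ip, site, cidr) in audit(REMOTE_CLIENTS, "Remote-Office").items():
        where = f"{site} via {cidr}" if site else "no site (no matching subnet)"
        print(f"{name} {ip}: {where}")
```

A client reported here would keep locating a domain controller outside the remote site, so its logon and policy traffic still crosses the tunnel.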
  13. Robert Craig

    Robert Craig Guest

    Thanks for your help. I just wish there was a simpler solution to this, but
    oh well.

    Robert Craig, Nov 18, 2008