Connecting 3 server 2003 sites

I am working with a client with 3 locations with a 2003 DC at each and they
want to connect them together. They want to be able to access files on each
server from every location. They have high-speed internet at each with a
static IP and are using Netgear FVS318 routers. The servers are setup as DC
and running DHCP/DNS for each location. To make this work does the
addressing need to change to all be the same network segment?? What is the
best way to accomplish this with the equipment they have?? Any help or
advice is greatly appreciated.

Thanks

1. are they different domain names?
2. They should use different IP range.
3. Since they have Netgear FVS318, they may be able to do IPSec VPN.

vpn solutions
VPN Solutions. 1. Peer to Peer VPN 2. Client to Server VPN 3. Site to Site VPN 4.
IPSec VPN 5. Exporting VPN Client Settings ...
www.chicagotech.net/vpnsolutions.htm

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Eric" <(E-Mail Removed)> wrote in message news:3FBBDEE3-A389-45C5-9C61-(E-Mail Removed)...
I am working with a client with 3 locations with a 2003 DC at each and they
want to connect them together. They want to be able to access files on each
server from every location. They have high-speed internet at each with a
static IP and are using Netgear FVS318 routers. The servers are setup as DC
and running DHCP/DNS for each location. To make this work does the
addressing need to change to all be the same network segment?? What is the
best way to accomplish this with the equipment they have?? Any help or
advice is greatly appreciated.

Thanks

"Eric" <(E-Mail Removed)> wrote in message
news:3FBBDEE3-A389-45C5-9C61-(E-Mail Removed)...
> static IP and are using Netgear FVS318 routers. The servers are setup as
DC
> and running DHCP/DNS for each location. To make this work does the
> addressing need to change to all be the same network segment??

No just the opposite. You will be using a Site-to-Site VPN (using the
Netgear boxes) and VPN needs each Location to be different TCP/IP Segment so
that Layer3 routing will function.

> What is the
> best way to accomplish this with the equipment they have??

Assuming that the Domains already exist,...and they are separate independent
Domains,...and do not duplicate each other's Names,....you setup a Trust
between all of the Domains. For this to happen each DC needs to contain the
DNS Server for every other Domain in its TCP/IP Config. If they are not
"aware of" and cannot find the DNS for every Domain, the Trust will not work
and the Domains will not interact.

Every DC/DNS (assuming the DC is also the DNS) will point to itself first in
the TCP/IP DNS config,...then list all the other DC/DNSs after that
beginning with its own companion DC/DNS from its own Domain if there is one
(every Domain should have at least 2 DCs).

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

Thanks for the info. The servers were setup independently but I believe they
share the same .local domain name. ie. company.local If I understand
correctly this will not work, each one would have to be a differnet name? I
could change it to company-location.local, but I am not sure how to do that
after AD is installed. Is there any easy way to do that? As far as the DNS
setup I will just need to make an entry in DNS on each server for the other 2
servers?? What part of the tree in DNS does that get added and what kind of
record is it??

Thanks again for the help.

"Phillip Windell" wrote:

> "Eric" <(E-Mail Removed)> wrote in message
> news:3FBBDEE3-A389-45C5-9C61-(E-Mail Removed)...
> > static IP and are using Netgear FVS318 routers. The servers are setup as
> DC
> > and running DHCP/DNS for each location. To make this work does the
> > addressing need to change to all be the same network segment??
>
> No just the opposite. You will be using a Site-to-Site VPN (using the
> Netgear boxes) and VPN needs each Location to be different TCP/IP Segment so
> that Layer3 routing will function.
>
> > What is the
> > best way to accomplish this with the equipment they have??
>
> Assuming that the Domains already exist,...and they are separate independent
> Domains,...and do not duplicate each other's Names,....you setup a Trust
> between all of the Domains. For this to happen each DC needs to contain the
> DNS Server for every other Domain in its TCP/IP Config. If they are not
> "aware of" and cannot find the DNS for every Domain, the Trust will not work
> and the Domains will not interact.
>
> Every DC/DNS (assuming the DC is also the DNS) will point to itself first in
> the TCP/IP DNS config,...then list all the other DC/DNSs after that
> beginning with its own companion DC/DNS from its own Domain if there is one
> (every Domain should have at least 2 DCs).
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/pro...isaserver.mspx
> -----------------------------------------------------
>
>
>
>

"Eric" <(E-Mail Removed)> wrote in message
news:56743D69-67D0-4970-926E-(E-Mail Removed)...
> Thanks for the info. The servers were setup independently but I believe
they
> share the same .local domain name. ie. company.local If I understand
> correctly this will not work, each one would have to be a differnet name?

Correct, your screwed,...the name must be different.

> could change it to company-location.local, but I am not sure how to do
that
> after AD is installed. Is there any easy way to do that?

Do a search on MS's site (Knowledge Base) for "Renaming a Domian". It
shouldn't be hard to find. It can be done on 2003 Domains, not 2000. If
Exchange is part of the Domain, then it cannot be renamed (even if 2003). I
have heard of third party tools to overcome that but it depends on how much
you trust them. If MS says they don't "support" something,...there is
usually a good reason for it.

As far as the DNS
> setup I will just need to make an entry in DNS on each server for the
other 2
> servers??

Yes. In the normal TCP/IP Settings

> What part of the tree in DNS does that get added and what kind of
> record is it??

You don't bother any "trees". It isn't a "record".

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

I was wrong on the domains. They are diiferent names with the .local domain
so I should be good there. DHCP is also setup on each dishing addresses in
different segements so thats good too. Now after I create the VPN would I
just need to create a trust relationship between all 3 domains?? Just to be
sure on the DNS, I would need to put the IP of each server as DNS servers in
the network connection properties?? So it will list the server itself as the
primary and the other 2 as alternates??

Thanks Again.

"Phillip Windell" wrote:

> "Eric" <(E-Mail Removed)> wrote in message
> news:56743D69-67D0-4970-926E-(E-Mail Removed)...
> > Thanks for the info. The servers were setup independently but I believe
> they
> > share the same .local domain name. ie. company.local If I understand
> > correctly this will not work, each one would have to be a differnet name?
>
> Correct, your screwed,...the name must be different.
>
> > could change it to company-location.local, but I am not sure how to do
> that
> > after AD is installed. Is there any easy way to do that?
>
> Do a search on MS's site (Knowledge Base) for "Renaming a Domian". It
> shouldn't be hard to find. It can be done on 2003 Domains, not 2000. If
> Exchange is part of the Domain, then it cannot be renamed (even if 2003). I
> have heard of third party tools to overcome that but it depends on how much
> you trust them. If MS says they don't "support" something,...there is
> usually a good reason for it.
>
> As far as the DNS
> > setup I will just need to make an entry in DNS on each server for the
> other 2
> > servers??
>
> Yes. In the normal TCP/IP Settings
>
> > What part of the tree in DNS does that get added and what kind of
> > record is it??
>
> You don't bother any "trees". It isn't a "record".
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/pro...isaserver.mspx
> -----------------------------------------------------
>
>
>
>
>

"Eric" <(E-Mail Removed)> wrote in message
news:62E5509D-3C1C-4A18-A868-(E-Mail Removed)...
> I was wrong on the domains. They are diiferent names with the .local
domain
> so I should be good there. DHCP is also setup on each dishing addresses
in
> different segements so thats good too. Now after I create the VPN would I
> just need to create a trust relationship between all 3 domains?? Just to
be
> sure on the DNS, I would need to put the IP of each server as DNS servers
in
> the network connection properties?? So it will list the server itself as
the
> primary and the other 2 as alternates??

Yes.
It would also be good to have at least one WINS Server that every machine
looks at as well. It doens't matter where it is located

As far as those DNS settings, remember that we are talking about the
DC/AD/DNS machines only. The Clients still just use their own respective
DNS as they had been doing, they don't change,..at least as far as I know
that is the way it is.

You create the Trust last, after all the rest is done.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------