VPN Tunnel

Hello. This is my current setup. Main office has several servers (usual
web, ftp, exchange, dns) which is using an RV042 router for the network. At
the remote office, I have a Netgear FVS318v3 router that is maintaining the
VPN tunnel back to the main office. I can't narrow down the problem. I
can't get Group Policy to update through the VPN. I have tried everything
from adjusting the slow connections setting in GP editor to manually forcing
a gp update on the remote machines. Does anyone or has anyone ever heard of
this router or the Netgear blocking traffic, such as GP updates? Or does
anyone have any ideas? Thanks!



Rob

Hi Robert, see the following article on applying group policy over slow links.
http://technet.microsoft.com/en-us/l.../cc759191.aspx
James.
--
James Yeomans, BSc, MCSE
Ask me directly at: http://www.justaskjames.co.uk


"Robert Craig" wrote:

> Hello. This is my current setup. Main office has several servers (usual
> web, ftp, exchange, dns) which is using an RV042 router for the network. At
> the remote office, I have a Netgear FVS318v3 router that is maintaining the
> VPN tunnel back to the main office. I can't narrow down the problem. I
> can't get Group Policy to update through the VPN. I have tried everything
> from adjusting the slow connections setting in GP editor to manually forcing
> a gp update on the remote machines. Does anyone or has anyone ever heard of
> this router or the Netgear blocking traffic, such as GP updates? Or does
> anyone have any ideas? Thanks!
>
>
>
> Rob
>
>

I've been through this article before. Here is what I have.

Main Office
10mb/10mb connection

Remote Office
6mb/768k connection

I had the GP slow link detection set at 512k. It obviously wasn't working.
I just bumped it down to 300k. If that doesn't work, I guess I could set it
at 128k and see what happens. I don't know what else to do. GP policy
processing worked great when I had to two locations connected via two RRAS
boxes, but I read it was extremely slow and so I switched to VPN routers.
Is there anything else I need to look for? Just out of curiosity, do I need
to enable WINS? I've read it doesn't apply for XP machines, but just
curious if that would help.

Rob

"James Yeomans BSc, MCSE" <(E-Mail Removed)>
wrote in message news:F01006E6-429D-421D-A88E-(E-Mail Removed)...
> Hi Robert, see the following article on applying group policy over slow
> links.
> http://technet.microsoft.com/en-us/l.../cc759191.aspx
> James.
> --
> James Yeomans, BSc, MCSE
> Ask me directly at: http://www.justaskjames.co.uk
>
>
> "Robert Craig" wrote:
>
>> Hello. This is my current setup. Main office has several servers (usual
>> web, ftp, exchange, dns) which is using an RV042 router for the network.
>> At
>> the remote office, I have a Netgear FVS318v3 router that is maintaining
>> the
>> VPN tunnel back to the main office. I can't narrow down the problem. I
>> can't get Group Policy to update through the VPN. I have tried
>> everything
>> from adjusting the slow connections setting in GP editor to manually
>> forcing
>> a gp update on the remote machines. Does anyone or has anyone ever heard
>> of
>> this router or the Netgear blocking traffic, such as GP updates? Or does
>> anyone have any ideas? Thanks!
>>
>>
>>
>> Rob
>>
>>

Also, I have a laptop sitting here beside me that has been connected via PPT
connection (built in XP VPN connector) all day. It doesn't even have the
revised GP settings I did a couple of days ago. It's almost like the
Linksys RV042 won't allow gp processing. I don't get it. I'm tempted to go
back to RRAS, but really don't want to.

Rob

"James Yeomans BSc, MCSE" <(E-Mail Removed)>
wrote in message news:F01006E6-429D-421D-A88E-(E-Mail Removed)...
> Hi Robert, see the following article on applying group policy over slow
> links.
> http://technet.microsoft.com/en-us/l.../cc759191.aspx
> James.
> --
> James Yeomans, BSc, MCSE
> Ask me directly at: http://www.justaskjames.co.uk
>
>
> "Robert Craig" wrote:
>
>> Hello. This is my current setup. Main office has several servers (usual
>> web, ftp, exchange, dns) which is using an RV042 router for the network.
>> At
>> the remote office, I have a Netgear FVS318v3 router that is maintaining
>> the
>> VPN tunnel back to the main office. I can't narrow down the problem. I
>> can't get Group Policy to update through the VPN. I have tried
>> everything
>> from adjusting the slow connections setting in GP editor to manually
>> forcing
>> a gp update on the remote machines. Does anyone or has anyone ever heard
>> of
>> this router or the Netgear blocking traffic, such as GP updates? Or does
>> anyone have any ideas? Thanks!
>>
>>
>>
>> Rob
>>
>>

OK, I might end up doing that. What other things can you think of? The
thought is in the back of my head that I have something configured wrong.
Also, if I put a DC in the office, would I still be able to use the VPN
tunnel or would I have to use the VPN tunnel in conjunction with RRAS on the
remote office server?

Rob

"Bill Kearney" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) t...
>> Hello. This is my current setup. Main office has several servers (usual
>> web, ftp, exchange, dns) which is using an RV042 router for the network.
>> At the remote office, I have a Netgear FVS318v3 router that is
>> maintaining the VPN tunnel back to the main office.
>
> Put a domain controller in the remote office. Use it for print spooling,
> dns, etc, in addition to Active Directory.
>
> Just bite the bullet and put a low-end box in there to do it. The time
> saved, and hassles avoided, will more than make it worth the expense.
>
> -Bill Kearney

"Robert Craig" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> OK, I might end up doing that. What other things can you think of? The
> thought is in the back of my head that I have something configured wrong.
> Also, if I put a DC in the office, would I still be able to use the VPN
> tunnel or would I have to use the VPN tunnel in conjunction with RRAS on
> the remote office server?
>
> Rob
>>
>> -Bill Kearney
>

How would having a DC in the remote site have any effect on what sort
of VPN connection you use?

A site to site VPN is a routing setup. It moves traffic from one site to
the other by tunnelling the traffic through the Internet. What happens at
this level is of no interest to AD.

OK, I understand. Let me ask you this. I've considered switching back to
Small Business Server 2003, but upgrade to Premium so I can utilize ISA
2004. If I did this at the main site (main what a pain to do that), could I
install ISA 2004 on a standalone server at the remote site and have ISA hold
the tunnel for me? I'm not sure if this would improve things or I would run
into the same problem.

Rob

"Bill Grant" <not.available@online> wrote in message
news:#(E-Mail Removed)...
>
>
> "Robert Craig" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> OK, I might end up doing that. What other things can you think of? The
>> thought is in the back of my head that I have something configured wrong.
>> Also, if I put a DC in the office, would I still be able to use the VPN
>> tunnel or would I have to use the VPN tunnel in conjunction with RRAS on
>> the remote office server?
>>
>> Rob
>>>
>>> -Bill Kearney
>>
>
> How would having a DC in the remote site have any effect on what sort
> of VPN connection you use?
>
> A site to site VPN is a routing setup. It moves traffic from one site to
> the other by tunnelling the traffic through the Internet. What happens at
> this level is of no interest to AD.

That would probably work, but why would you want to do that if you have a
working site to site VPN using dedicated routers? There is no reason to use
a DC as a router if you already have a working solution (even if the DC is
SBS).

Routing and AD are independent and there is no reason I can think of to
combine them.

"Robert Craig" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> OK, I understand. Let me ask you this. I've considered switching back to
> Small Business Server 2003, but upgrade to Premium so I can utilize ISA
> 2004. If I did this at the main site (main what a pain to do that), could
> I install ISA 2004 on a standalone server at the remote site and have ISA
> hold the tunnel for me? I'm not sure if this would improve things or I
> would run into the same problem.
>
> Rob
>
> "Bill Grant" <not.available@online> wrote in message
> news:#(E-Mail Removed)...
>>
>>
>> "Robert Craig" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> OK, I might end up doing that. What other things can you think of? The
>>> thought is in the back of my head that I have something configured
>>> wrong. Also, if I put a DC in the office, would I still be able to use
>>> the VPN tunnel or would I have to use the VPN tunnel in conjunction with
>>> RRAS on the remote office server?
>>>
>>> Rob
>>>>
>>>> -Bill Kearney
>>>
>>
>> How would having a DC in the remote site have any effect on what sort
>> of VPN connection you use?
>>
>> A site to site VPN is a routing setup. It moves traffic from one site
>> to the other by tunnelling the traffic through the Internet. What happens
>> at this level is of no interest to AD.
>

OK, I think that's what I will do. I will install a domain controller on an
old box at the remote site. It will obviously be a secondary DNS server. I
will change all the remote machines to use the new box as their DNS servers.
Your bandwidth comment makes a lot of sense. Maybe that's the problem.
I'll give it a shot and see what happens. If not, worse case scenario, I
will use RRAS, which never produced the problem. Thanks guys!

Rob

"Bill Kearney" <(E-Mail Removed)> wrote in message
news:NN-(E-Mail Removed)...
>
>> How would having a DC in the remote site have any effect on what sort
>> of VPN connection you use?
>
> How many multi-site networks have you setup and managed?
>
>> A site to site VPN is a routing setup. It moves traffic from one site
>> to the other by tunnelling the traffic through the Internet. What happens
>> at this level is of no interest to AD.
>
> What has to go across the connection is the issue. If there's a DC at the
> remote office then you won't have an avalanche of AD-related traffic
> trying to use the VPN connection at all. The local DC will handle it
> instead. Then that will be the only host needing to consume VPN bandwidth.
> More or less. The users will see snappier local performance and,
> potentially, it can save the business from having to increase their
> connection speeds.

Well, from what I've read, the PC based router takes longer and more
processing power to encode the traffic, and then decode it. Where as a
hardware router is designed to do it without sacrificing power from other
areas.

Rob

"Bill Kearney" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) t...
>> Routing and AD are independent and there is no reason I can think of
>> to combine them.
>
> Plenty of reasons not to combine them. I've often found it's better to
> have infrastructure systems like this separate from PC-based services.
> Black boxes in racks tend to stay up and running much more reliably. That
> and reboot faster in the event of power problems. Cram it all onto a PC
> and, well, the saying about all your eggs in one basket comes to mind.