locked
remote desktop RRS feed

  • Question

  • We are a two location Law firm connected by a point-to-point T1 which uses the same class internal IP address system (192.168.0.XX).  In location A we have all file servers and technical staff.  In location B we have no technical staff and users connect to the location A servers using a point-to-point T1.  We provide remote access through a Windows 2003 server running Microsoft Remote Access Server (RAS) in location A.  In addition to RAS we use remote desktop to access individual PC’s regardless of location. 

     

    All is well.

     

    To increase the performance of location B’s access to the servers our T1 provider suggests we replace the point-to-point with a VPN (IP MPLS network).  In order to accomplish this location B internal network IP addresses must be different from location A perhaps 192.168.16.XX.  Remote access to the servers will not change but I am concerned about using remote desktop to locations B’s PC’s. 

     

    How is this accomplished?  Is there a white paper on the configuration?

     

    Thank you for your time.

     

    LoneWizard

    Wednesday, June 2, 2010 6:39 PM

Answers

  • Hi VinceNic ,

     

    Base on my knowledge ,If you want deploy  Site-To-Site VPN between two sides  , there are many benefits that define different IP segment on both sites.

    For example, isolation broadcast storm, so that reduce VPN line payload.

     

    I recommend you read the article below which introduce about how to design , deploy site to site VPN, it’s very helpful for you to achieve the goal:

     

    Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site VPNs

     

    http://technet.microsoft.com/en-us/library/cc758232(WS.10).aspx

     

    Thanks.

     

    Tiger Li

    Tuesday, June 8, 2010 1:53 AM

All replies

  • Hi VinceNic ,

     

    Base on my knowledge ,If you want deploy  Site-To-Site VPN between two sides  , there are many benefits that define different IP segment on both sites.

    For example, isolation broadcast storm, so that reduce VPN line payload.

     

    I recommend you read the article below which introduce about how to design , deploy site to site VPN, it’s very helpful for you to achieve the goal:

     

    Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site VPNs

     

    http://technet.microsoft.com/en-us/library/cc758232(WS.10).aspx

     

    Thanks.

     

    Tiger Li

    Tuesday, June 8, 2010 1:53 AM
  • Hi VinceNic ,

     

    I just want to check if the information provided was helpful. If there is any update on this issue, please feel free to let me know.
     
    We are looking forward to your reply.

     

    Thanks.

     

    Tiger Li

    Wednesday, June 9, 2010 1:09 AM
  • Hello Ms. Tiger Li,

    Thank you for the response and recommendations; both were helpful.  But my main concern is with different network addresses 192.168.0.xx and 192.168.16.xx how will remote desktop work? 

    My T1 provider says contact your RAS manufacturer and Microsoft says it is a function or the router which is supplied and managed by the T1 provider.

    I am considering this change to increase through-put from 1.5 to 3.0 but I am now considering the old adage - if it isn’t broke - don't fix it.

    Thank you for your help,

    Vince

    Thursday, June 10, 2010 6:14 PM
  • Hi VinceNic ,

     

    Thanks for your reply.

     

    For how implement the connectivity between two sites via site to site VPN, you can set route on both RRAS server.

    In your case , after you deploy site to site VPN connection between both site , you may like to set static route on both RRAS server

     

    In site A which IP segment is 192.168.0.XX, you may set a static route like :

     

    Network Destination

    Netmask

    Gateway

    192.168.16.0

    255.255.255.0

    <Your VPN interface address>

     

    In site B which IP segment is 192.168.16.XX, you may set a static route like :

     

    Network Destination

    Netmask

    Gateway

    192.168.0.0

    255.255.255.0

    <Your VPN interface address>

     

    There is a sections which discuss this subject on the article I provide before.

     

    Components of Windows Server 2003 Site-to-Site VPNs

     

    http://technet.microsoft.com/en-us/library/cc775818(WS.10).aspx

     

    Thanks.

     

    Tiger Li

    Friday, June 11, 2010 6:09 AM