IPSec tunnel domain controller/clients communication
Hello Everyone,

I have a Windows 2008 R2 domain controller @ site A and another one @ site B. Both sites are connected through a Cisco IPsec tunnel. Do I need to configure anything to make these two controllers talk? Also, before I go through these configs, I just want to make sure I need to do it. We have ports open and verified; is that all I need to do for these domain controllers to communicate? Is there an issue Win2003 and Win2008 have with data traffic through IPsec tunnels? I'm noticing a GPO issue and wanted to make sure. Also, I would like other GPOs to be pushed down to the workstations through the IPsec VPN tunnels. What would be the best practice/method?

Configuring IPSec Transport Mode for DC-to-DC Communication
http://social.technet.microsoft.com/wiki/contents/articles/active-directory-replication-over-firewalls.aspx#ConfigIPSecTranportMode

Encapsulating Inside IPSec
http://social.technet.microsoft.com/wiki/contents/articles/active-directory-replication-over-firewalls.aspx#Enacpsulating

Active Directory Replication Over Firewalls
http://social.technet.microsoft.com/wiki/contents/articles/active-directory-replication-over-firewalls.aspx

Thank you
Devon
March 13th, 2012 1:05pm

Hi Devon,

Thanks for posting here.

May I know how we set up the IPsec tunnel with two Cisco routers between the two sites over the internet? According to your description, it seems this is a Gateway-to-Gateway IPsec deployment in Tunnel Mode, which will secure traffic between the two routers only and should not restrict any data transfer between the two sites. Please confirm that by verifying the configurations on both routers.

Using IPSec in Tunnel Mode
http://technet.microsoft.com/en-us/library/cc786385(WS.10).aspx

Meanwhile, deploying IPsec directly between domain controllers, or from a domain controller to domain members, is not recommended:

Determining Your IPSec Needs
http://technet.microsoft.com/en-us/library/cc759264(WS.10).aspx

Perhaps you can also post this scenario to the Cisco forum, since we are going to implement this tunnel with their products.

Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tnmff@microsoft.com.
Tiger Li
TechNet Community Support
March 14th, 2012 2:52am

Hi Devon,

Please feel free to let us know if the information was helpful to you.

Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tnmff@microsoft.com.
Tiger Li
TechNet Community Support
March 16th, 2012 1:18am


I'm still troubleshooting, trying to get the GPOs down to the workstations that are on IPSEC VPNs. It's hard, since there is no connection to AD Domain at login. The connection is only established after VPN is connected.
March 27th, 2012 1:56pm


This topic is archived. No further replies will be accepted.
