IPSec tunnel domain controller/clients communication
Hello Everyone,
I have a Windows 2008 R2 domain controller @ site A and another one @ site B. Both sites are connected through a Cisco IPsec tunnel. Do I need to configure anything to make these two controllers talk?
Also, before I go through these configs, I just want to make sure I need to do it. We have ports open and verified, is that all I need to do for these domain controllers to communicate? Is there an issue Win2003 and Win2008 have with data traffic through IPsec tunnels?
I'm noticing a GPO issue and wanted to make sure..
Also, I would like other GPOs to be pushed down to the workstations through the IPsec VPN tunnels.
What would be the best practice/method?
Configuring IPSec Transport Mode for DC-to-DC Communication
http://social.technet.microsoft.com/wiki/contents/articles/active-directory-replication-over-firewalls.aspx#ConfigIPSecTranportMode
Encapsulating Inside IPSec
http://social.technet.microsoft.com/wiki/contents/articles/active-directory-replication-over-firewalls.aspx#Enacpsulating
Active Directory Replication Over Firewalls
http://social.technet.microsoft.com/wiki/contents/articles/active-directory-replication-over-firewalls.aspx
Thank you
Devon
March 13th, 2012 1:05pm
Hi Devon,
Thanks for posting here.
May I know how we set up the IPsec tunnel with the two Cisco routers between the two sites over the internet?
According to your description, it seems this is a gateway-to-gateway IPsec deployment in tunnel mode, which will secure traffic between the two routers only and should not restrict any data transfer between the two sites. Please confirm that by verifying the configurations on both routers.
Using IPSec in Tunnel Mode
http://technet.microsoft.com/en-us/library/cc786385(WS.10).aspx
Meanwhile, deploying IPsec directly between domain controllers, or from a domain controller to domain members, is not recommended:
Determining Your IPSec Needs
http://technet.microsoft.com/en-us/library/cc759264(WS.10).aspx
Perhaps you can also post this scenario to the Cisco forum, since we are going to implement this tunnel with their products.
Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tnmff@microsoft.com.
Tiger Li
TechNet Community Support
March 14th, 2012 2:52am
Hi Devon,
Please feel free to let us know if the information was helpful to you.
Regards,
Tiger Li
March 16th, 2012 1:18am
I'm still troubleshooting, trying to get the GPOs down to the workstations that are on IPSEC VPNs. It's hard, since there is no connection to AD Domain at login. The connection is only established after VPN is connected.
March 27th, 2012 1:56pm