I have two schools, each with a Cisco PIX 506e firewall/router. As I upgrade
to Windows Server 2003 (Standard) I will be making changes to my
Forest/Domain structure. Since I plan on connecting the schools via VPN I
have a couple of questions:

Should the VPN connections be done using IPSec or is there another protocol
that I should consider?
Should I create a Forest at each school and simply create a trust between
the two locations or should I have one forest and set each school as a domain
within the forest?

Re: vpn by Phillip

Phillip
Thu Aug 04 11:17:50 CDT 2005

"kjs" <kjs@discussions.microsoft.com> wrote in message
news:FF2021AC-7C14-4E30-984B-A2B789E12D23@microsoft.com...
> Should the VPN connections be done using IPSec or is there another protocol
> that I should consider?

Your choice. VPN by its very nature of "tunneling" is already secure even
without IPSec. IPSec is just another layer of complexity.

> Should I create a Forest at each school and simply create a trust between
> the two locations or should I have one forest and set each school as a domain
> within the forest?

It should follow the "politics" of the schools. If they are autonomous and
run themselves then separate Forests. If they are simple "underlings" with
one school being the "boss" over the others then one Forest. Domains are an
"administrative entity", they don't control how the LAN itself functions.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

RE: vpn by JohanStrange

JohanStrange
Thu Aug 04 16:31:31 CDT 2005

IPSec is generally used to encrypt an L2TP VPN connection; if you use this
method you should use IPSec. Alternatively, PPTP is encrypted by default. I
have a network with two sites, connected using a LAN-to-LAN PPTP VPN. This is
very secure; there are benefits to each VPN protocol of course. Google it...

The Trust would depend on your particular scenario. With Server 2003 you
could have a Forest Trust or alternatively you could have both sites in a
single domain; this would be configured using AD Sites and Services. The
latter would tend to use Organizational Units over domains. Server 2003 is
geared to reduce domains.

GL
