Design problem

prashantrecon
Level 1

Hi Experts,

Please find the attached network diagram.

There is point-to-point connectivity between the two sites, and all the services (authentication, DNS, internet/web browsing) are accessed by all the machines at the remote site from site1.

At the remote site there is an extra WAN connection. Is it possible that all the machines at the remote site access only the internet (web browsing) through that link, while the remaining services, such as AD authentication and mail access, still come from site1?

Please find the routes on remote site

0.0.0.0  0.0.0.0 192.168.0.1

172.16.x.x  255.255.0.0  192.168.0.2

152.149.1.x  255.255.255.0 192.168.0.2

Please suggest.

9 Replies

Hi Prasant,

Yes, it is possible.

Just change your default route on the firewall to point toward the internet connection.

Regards,

Smitesh

Hi Smitesh,

We have implemented a DR scenario at the remote site.

Whenever any server fails in site1, the server at the remote site will take over.

Also, NATting is then done from site1 for the remote site servers.

If we give the default route pointing towards the internet connection, then NATting does not work.

vipinrajrc
Level 3

Hi,

Create a port object-group with all the port numbers which need to be opened from remote to main, for example mail (SMTP, POP, ...),

and then create an ACL to allow traffic from remote to main by allowing this port object-group and denying all other communication from remote to main, and bind this rule on the IN direction of the inside interface.

I hope this will work.

Please update the status.

Thanks

Vipin

Thanks and Regards, Vipin

Hi Vipin,

The problem is that all the machines get authenticated from the site1 Active Directory, so we have provided the DNS IP of site1.

If we provide a DNS IP other than this, the system does not get authenticated from site1 and cannot access other applications.

And if we provide the DNS IP of site1, then it is not able to access the internet from the WAN link of the remote site.

Hi,

Please configure an alternate DNS on your remote site hosts. Also allow the necessary ports to the main site.

Please update.

Thanks

Vipin

Thanks and Regards, Vipin

Hi Vipin,

That solution we already have in mind. Any alternative solution?

Thank you.

Hi Prashant,

The problem is that all the machines get authenticated from the site1 Active Directory, so we have provided the DNS IP of site1.

If we provide a DNS IP other than this, the system does not get authenticated from site1 and cannot access other applications.

And if we provide the DNS IP of site1, then it is not able to access the internet from the WAN link of the remote site.

You don't need to change the DNS IP at the remote site. You can still use the DNS at the main site for the internet and for your internal applications as well. This is more like a centralised architecture for DNS/AD etc. DNS is just a query. Once your PC browser gets the public IP address, the forwarding of traffic takes place via the L3 switch and the firewall at the remote site.

Your scenario is quite common, where you have a private link between the head office and the remote office. Generally speaking, remote sites use HQ for internet as well, but in some scenarios the remote site also has internet as a backup connection. Do you have internet at your HQ office?

Anyway, if you want the remote site to use the internet at the remote site, then the firewall needs to have a default route to the ISP. If you are getting a full routing table then this is not required, but I am sure your FW is not receiving the full internet table.

Hope this helps,

Regards

Kishore

Hi Kishore,

You are right, the remote site uses HQ internet, and there is also a backup link at the remote site.

So whenever HQ internet goes down, the remote site should use the WAN link and must be able to access the internet.

Even after giving a default route to that ISP it is still not going; could you please suggest?

You could do the following to accomplish this:

! Numbered extended ACL (IOS syntax) matching web traffic only
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 443

! Policy-route matched web traffic to the remote WAN next hop
route-map WebTrafficWan permit 10
 match ip address 101
 set ip next-hop <next hop of Remote WAN connection>

! Apply the policy on the remote LAN interface
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map WebTrafficWan

All 80/443 traffic on the remote site will go towards the remote site WAN connection and all other traffic will follow normal routing. I did notice, according to your diagram, that all the DNS servers are at the main site. So, if you are querying DNS for, let's say, www.blah.com, it's going to go across the P2P connection to the remote site, which will send a response to the client, so basically traffic will go from the remote site to the main site for DNS, and then back out the remote site WAN connection for web browsing traffic. This seems like suboptimal routing to me. I would personally put a DNS server at your remote location if you wanted to do this. You could also just have routes pointing to the main site for whatever you need at the remote site and then have a default route going towards the remote site WAN.
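The route-map approach above, written out as an added example (not from any reply in this thread) that also keeps site1-bound HTTP/HTTPS, such as intranet or webmail traffic to the 172.16.0.0/16 and 152.149.1.0/24 prefixes from the question, on the P2P link, and tracks the ISP next hop so web traffic falls back to normal routing if the remote WAN link is down. Assumed values: VLAN 10 is the remote LAN (10.10.10.0/24 as in the reply above), 203.0.113.1 is the remote ISP next hop and GigabitEthernet0/1 is the WAN-facing interface (both constructed); the remote firewall is assumed to NAT 10.10.10.0/24 towards the ISP.

```ios
! Added example, not the thread's own configuration. IOS L3 switch syntax.
! Web traffic that should use the remote WAN link: exclude site1 prefixes first,
! so AD, DNS, mail and DR/NAT traffic to site1 is never policy-routed.
ip access-list extended WEB-VIA-WAN
 deny   tcp any 172.16.0.0 0.0.255.255 eq 80
 deny   tcp any 172.16.0.0 0.0.255.255 eq 443
 deny   tcp any 152.149.1.0 0.0.0.255 eq 80
 deny   tcp any 152.149.1.0 0.0.0.255 eq 443
 ! Everything else on 80/443 from the remote LAN is public web browsing
 permit tcp 10.10.10.0 0.0.0.255 any eq 80
 permit tcp 10.10.10.0 0.0.0.255 any eq 443
!
! Probe the ISP next hop (203.0.113.1 is an assumed, constructed address).
! If it stops answering, the route-map's next hop is skipped and matched
! traffic follows the normal routing table (via site1) instead of black-holing.
ip sla 10
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
!
route-map WEB-TRAFFIC-WAN permit 10
 match ip address WEB-VIA-WAN
 set ip next-hop verify-availability 203.0.113.1 10 track 10
!
! Apply PBR inbound on the remote LAN interface; all other traffic,
! including the existing default and site1 routes, is unaffected.
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map WEB-TRAFFIC-WAN
```

`verify-availability` with object tracking is not supported on every Catalyst platform, and switches such as the 3560/3750 need a routing-capable SDM template before `ip policy` takes effect, so check `show route-map` counters after applying.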
