Cisco Support Community

VPN Tunnel - Windows 2k3 DC join domain

I have a question, and I think this should work, but please shoot me down if it's not possible.

Our office is in California, and we have a branch out in Florida. We want to join Florida's Windows domain and create a Domain Controller here in California. Currently we have a permanent VPN tunnel (PIX to Netscreen) from Cali to FL and can share resources. Through this same tunnel, can I create a DC in Cali to join the domain in FL? Do we have to be on the same subnet? For example, if FL is on the subnet, do we in California have to be in the same subnet? Or can we be on the same domain with a different subnet ( I want to be able to administer either Active Directory. Any info or suggestions would be appreciated. Thanks!


Re: VPN Tunnel - Windows 2k3 DC join domain

As far as the VPN tunnel is concerned, I do not see any issues as long as the necessary ports are open in the firewalls. Maybe some Windows experts out there can comment on the domain concepts.

Re: VPN Tunnel - Windows 2k3 DC join domain

I don't see any problem either. When a host joins a domain and tries to retrieve the group policy, it does so over UDP. You might have to use a GPO to lower the MTU or force the WinXP/2000 to use TCP. The MTU of the Win2003 server is lower by default and you don't have to do anything. (I have a few remote sites that use centralized DCs.)


Re: VPN Tunnel - Windows 2k3 DC join domain

From the Windows perspective, no problems running Active Directory over a WAN or VPN connection. We are doing that currently. As long as the necessary traffic is allowed through.

Be careful in Windows to ensure you define the:

a) subnets

b) sites

c) replication frequency

If you have a large Windows domain with a lot of objects, this replication can take the traffic up on the sure it is only replicating on some interval such as every 30 or 60 minutes...even greater depending on how many changes take place in the directory.
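The subnet and site definitions mentioned in the reply above decide which site a host (and so which DC) belongs to. As an added example that is not part of the original thread, this sketch audits a subnet-to-site table, assuming Active Directory's rule that the most specific matching subnet wins; all subnets, site names and host addresses are constructed, since the thread gives no real addressing.

```python
import ipaddress
from itertools import combinations

# Constructed subnet-to-site table (hypothetical addressing and site names).
SITE_SUBNETS = {
    "10.1.0.0/16": "Florida",
    "10.2.0.0/16": "California",
    "10.2.50.0/24": "California-DMZ",
}

def site_for(ip, table=SITE_SUBNETS):
    """Return the site whose subnet most specifically contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def audit(hosts, table=SITE_SUBNETS):
    """Group hosts by site; hosts in no defined subnet are returned separately.

    Unmapped hosts are the ones to fix: with no site, they may locate a DC
    on the far side of the tunnel for logon and Group Policy.
    """
    mapped, unmapped = {}, []
    for ip in hosts:
        site = site_for(ip, table)
        if site is None:
            unmapped.append(ip)
        else:
            mapped.setdefault(site, []).append(ip)
    return mapped, unmapped

def overlaps(table=SITE_SUBNETS):
    """List subnet pairs that overlap yet point at different sites."""
    found = []
    for (a, sa), (b, sb) in combinations(table.items(), 2):
        if sa != sb and ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b)):
            found.append((a, b))
    return found

if __name__ == "__main__":
    hosts = ["10.1.4.20", "10.2.3.4", "10.2.50.7", "192.168.5.5"]  # constructed
    print(audit(hosts))
    print(overlaps())
```

Overlapping subnets assigned to different sites are not an error in themselves, but they are worth reviewing because the narrower entry silently overrides the wider one.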
