Multiple Site to Site VPN question

[Shambler]

Just trying to wrap my head around how traffic is routed in a config like below


Remote Site A --- VPN-A ------- Parent Company ------- VPN-B ------ Remote Site B


If I am at the Parent Company, and I ping a machine in Remote Site A, what makes that ping request use the correct VPN tunnel?

Is there a setting somewhere that pushes A traffic to A VPN?

 

[Nate7311]

By definition, remote networks are on different subnets. The VPN Endpoint/Router knows what subnet is at the end of each VPN tunnel and routes accoutingly.

Rough example.
Remote Site A (192.168.100.1) -----> Corp HQ (10.0.0.X) <------ Remote Site B (172.16.1.X)

 

[Shambler]

Perfecto. So, let's get more complicated. (At least in my head)

Site A and B are child domains of the Parent Company. (Domain A and B respectively)


A/The DNS Server within the Parent Company would need forwarders to the DNS Servers of both Domain A and Domain B in order for me to ping machines by name. Right?

 

[Nate7311]

That's one possibility... Are you talking about an AD environment?

 

[Shambler]

That's one possibility... Are you talking about an AD environment?

Yessir

 

[Nate7311]

How are the DC's/Sites setup?

 

[Shambler]

How are the DC's/Sites setup?

Keep in mind this is fictitious. Just a way for me to think about this more clearly.


As for setup: In terms of addressing or trusts or DNS, something else?

 

[Nate7311]

When you define "Sites" in AD, you also define the subnet that belongs to them. That's how AD knows immediately where they fit in.

 

[Shambler]

When you define "Sites" in AD, you also define the subnet that belongs to them. That's how AD knows immediately where they fit in.

Good call. Haven't thought about that.

How should they be setup in a perfect world? Should ADSS for the Parent Company have a Site/Subnet setup for Child Domain A and B?

Should Domain A and B have a Site/Subnet setup for the Parent Company? And maybe each other?

 

[Nate7311]

Ideally, you'll have at least 1 DC in each site. The structure will replicate across the entire forrest. It's time for you to do some reading

 

[Shambler]

Yep yep. Going to go through this today
http://technet.microsoft.com/en-us/library/cc730868.aspx


Thank you for all the info so far though.

 

[Nate7311]

http://www.networkingprogramming.com

WONDERFUL Youtube collection covering all sorts of IT stuff, including AD.

 

[Shambler]

Holy freaking crap! This is awesome!

 

[Mister Natural]

By definition, remote networks are on different subnets. The VPN Endpoint/Router knows what subnet is at the end of each VPN tunnel and routes accoutingly.

Rough example.
Remote Site A (192.168.100.1) -----> Corp HQ (10.0.0.X) <------ Remote Site B (172.16.1.X)

It actually doesn't need to be that diverse.
You can do 192.168.2.x > 192.168.3.x < 192.168.4.x

It all depends on the size of the network overall and how many IP's you'll need.

 

[Nate7311]

Absolutely, it's all example.