Windows server AD trough IPSec VPN

Options
Aballo
Aballo Posts: 11  Freshman Member
First Comment
in Security

Hello,

We've got 2 sites linked trough an IPSec VPN. We used USG Flex at each side.

In the simpliest way, what can i do for users to be able to login on the domain, whatever site it is on?

Many thank's

L.

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,449  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @Aballo,

    I assume you just need the client to login AD domain, not the firewall needs to join your AD and authentication. Below is the solution based on what I assume.

    Main concept:

    Your client need to know what IP is you domain.

    You can set your AD DNS server IP as DNS server for your clients. Or set a domain zone forwarder so the clients can resolve the domain and connect to your AD. Below is the example for domain zone forwarder.

    image.png

    Since your firewalls are connected by VPN, the firewall will route the traffic to AD via VPN tunnel and your client can reach the AD.

    Zyxel Melen


  • Aballo
    Aballo Posts: 11  Freshman Member
    First Comment

    Hello,

    Many thank's for your answers.

    The domain controller is behind on USG (main site) and all users on this side can already logon.

    The other side (the "agency") is new.

    I thought IPSec allowed these ports (53, 88, 389, and 445) by default…

    Regards

    L.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)