Site-to-site VPN and Active Directory

Gareth Posts: 12  Freshman Member
edited April 2021 in Nebula
I have set up a site-to-site VPN between my home (NSG50) and Office (NSG100). How do I allow access to manage my Active Directory, DNS, DHCP etc over the VPN?
NSG50 is on 192.168.2.0/24, NSG100 is on 192.168.0.0/24
NSG100 is connected to Virgin Media Business with a static public IP; NSG50 is connected to a BT Home Hub with a dynamic IP (Dynamic DNS configured). The BT Home Hub is using 192.168.1.0/24.
I can remote desktop to my servers via hostname (DNS Servers behind NSG100 added to NSG50 config)

All Replies

  • Zyxel_Chris Posts: 660  Zyxel Employee
    Hello @Gareth
    Is your AD server located at 192.168.2.0/24 or 192.168.0.0/24? It should not have the issue once the VPN tunnel is up.

    Chris
  • Gareth Posts: 12  Freshman Member
    The AD server is on 192.168.0.0/24. Cannot find domain from 192.168.2.0/24.

  • Zyxel_Chris Posts: 660  Zyxel Employee
    What is the application you expected?
    Based on the description, you cannot connect via RDP from 192.168.2.0/24 to your AD by hostname, but it works with the IP?
    Feel free to correct me if I'm wrong.
    Chris
  • Gareth Posts: 12  Freshman Member
    RDP works fine, it's access to ADUC, DNS, DHCP admin etc. that doesn't work.
  • Zyxel_Chris Posts: 660  Zyxel Employee
    Please be aware that DHCP traffic cannot pass through the VPN tunnel, therefore the DHCP service will not work, but DNS should work in this case.
    Can you capture the packets on NSG100 by logging in to the local GUI, LAN1 (assuming 192.168.0.0/24 is located in LAN1)?
    Keep the file size the same as the split threshold.

    Download the pcap file and filter for DNS; see if the DNS query has passed through the tunnel and whether the AD has replied to it or not.

    On the other hand, can you share more detail of the ADUC implementation? Is it just AD authentication between these 2 end devices, or would you add this client PC/laptop as a member of the AD server?


    Chris
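The check Chris describes (filter the LAN1 capture for DNS and see whether the AD server answered the remote client's queries) can be scripted against the downloaded pcap. The following Python is an added example, not code from the thread or from Zyxel; it reads a little-endian libpcap file with the standard library only, assumes Ethernet/IPv4/UDP frames, and ships a constructed sample capture that uses the thread's subnets and a hypothetical AD domain corp.example.

```python
import struct

def _qname(buf, off=12):
    # Decode the uncompressed question name that follows the 12-byte DNS header.
    labels = []
    while buf[off]:
        labels.append(buf[off + 1: off + 1 + buf[off]].decode("ascii"))
        off += 1 + buf[off]
    return ".".join(labels)

def dns_transactions(pcap):
    """Pair DNS queries with replies; an unanswered query from the remote subnet is the symptom to chase."""
    assert pcap[:4] == b"\xd4\xc3\xb2\xa1", "expects a little-endian libpcap file"
    txs, off = {}, 24                                  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                                   # not IPv4 over Ethernet carrying UDP
        ihl = (frame[14] & 0x0F) * 4
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        udp = frame[14 + ihl:]
        sport, dport = struct.unpack_from(">HH", udp)
        if 53 not in (sport, dport):
            continue
        dns = udp[8:]
        txid, flags, _qd, an = struct.unpack_from(">HHHH", dns)
        key = (txid, _qname(dns))
        if not flags & 0x8000:                         # QR bit clear: a query
            txs[key] = {"client": src, "server": dst, "answered": False, "answers": 0}
        elif key in txs:                               # QR bit set: reply to a query we saw
            txs[key].update(answered=True, answers=an)
    return txs

def _frame(src, dst, sport, dport, dns):
    # Minimal Ethernet/IPv4/UDP frame around a DNS message (checksums left zero; fine for parsing).
    ip4 = lambda a: bytes(map(int, a.split(".")))
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 28 + len(dns), 0, 0, 64, 17, 0, ip4(src), ip4(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack(">HHHH", sport, dport, 8 + len(dns), 0) + dns

def sample_pcap():
    """Constructed capture: client 192.168.2.10 queries DC 192.168.0.5; one SRV lookup is answered, one is not."""
    def msg(txid, flags, an, name):                    # answer RRs omitted: the parser only reads the count
        q = b"".join(bytes([len(l)]) + l for l in name.split(b".")) + b"\x00"
        return struct.pack(">HHHHHH", txid, flags, 1, an, 0, 0) + q + struct.pack(">HH", 33, 1)
    srv = b"_ldap._tcp.dc._msdcs.corp.example"          # hypothetical domain
    frames = [_frame("192.168.2.10", "192.168.0.5", 51000, 53, msg(0x1234, 0x0100, 0, srv)),
              _frame("192.168.0.5", "192.168.2.10", 53, 51000, msg(0x1234, 0x8580, 1, srv)),
              _frame("192.168.2.10", "192.168.0.5", 51001, 53, msg(0x1235, 0x0100, 0, b"_kerberos._tcp.corp.example"))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Run `dns_transactions(open("capture.pcap", "rb").read())` on the real file and list the entries with `answered` still False: queries from 192.168.2.0/24 that the DC never answered point at the tunnel or the server, while absent queries point at the client-side DNS settings.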
