Site-to-site VPN and Active Directory

Gareth
Gareth Posts: 12  Freshman Member
First Comment Friend Collector Third Anniversary
edited April 2021 in Nebula
I have set up a site-to-site VPN between my home (NSG50) and Office (NSG100). How do I allow access to manage my Active Directory, DNS, DHCP etc over the VPN?
NSG50 is on 192.168.2.0/24, NSG100 is on 192.168.0.0/24
NSG100 is connected to Virgin Media Business with static public IP, NSG50 is connected to BT Home Hub with dynamic IP (Dynamic DNS configured) BT Home Hub is using 192.168.1.0/24
I can remote desktop to my servers via hostname (DNS Servers behind NSG100 added to NSG50 config)

All Replies

  • Zyxel_Chris
    Zyxel_Chris Posts: 705  Zyxel Employee
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 50 Answers
    Hello @Gareth
    Is your AD server is loacted at 192.168.2.0/24 or 192.168.0.0/24 ? Since it should not have the issue once the VPN tunnel is up.

  • Gareth
    Gareth Posts: 12  Freshman Member
    First Comment Friend Collector Third Anniversary
    the AD server is on 192.168.0.0/24. Cannot find domain from 192.168.2.0/24

  • Zyxel_Chris
    Zyxel_Chris Posts: 705  Zyxel Employee
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 50 Answers
    What is the application you expected?
    Based on description you cannot connect the RDP from 192.1668.2.0/24 with hostname to your AD but if it can work with IP?
    Feel free to correct me if I'm wrong.
  • Gareth
    Gareth Posts: 12  Freshman Member
    First Comment Friend Collector Third Anniversary
    What is the application you expected?
    Based on description you cannot connect the RDP from 192.1668.2.0/24 with hostname to your AD but if it can work with IP?
    Feel free to correct me if I'm wrong.
    RDP works fine, it's access to ADUC DNS, DHCP admin etc that doesnt work. 
  • Zyxel_Chris
    Zyxel_Chris Posts: 705  Zyxel Employee
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 50 Answers
    Please be aware that the DHCP traffic cannot pass-through to VPN tunnel, therefore the DHCP service will not work, but the DNS should work in this case.
    Can you capture the packet on NSG100 via login to local GUI, LAN1 (assume 192.168.0.0/24 is located in LAN1).
    Keep file size as same as split threshold.

    Download the pap file and filter DNS, see if the DNS query has pass-through to the tunnel and AD has reply it or not.

    On the other hand, can you share more detail of ADUC implement? Is it just the AD authentication between these 2 end devices or you would add this client PC/laptop as the member to AD server?


Nebula Tips & Tricks