Branch Office implementation

Similar Messages

• Windows 8.1 laptop not connecting to domain in branch office

  We have a problem with a laptop. 
  It is installed in our Head office (The Netherlands), just like all other laptops by using an image.
  Tested and working on the domain.
  The user had to go to one of our branch offices (China) and when he connected there, the laptop just won't connect to the domain.
  When he plugged in the laptop, it keeps trying to connect it's directaccess.
  Other laptops (same image) immediately recognize the domain network, but this laptop just won't.
  I am able to ping everything on the local network (MPLS connection), from HQ to all Branch offices but not access them.
  I've tried changing the DNS settings, but without any result.
  Any suggestions?

  Hi,
  According to this tool's description, I think it should be helpful to check system current enviroment, such as network, certificates, etc. problem. Actually according to your description, I doubt it probably network enviroment of ISP problem, but we should
  find a way to verify our suspect. Then this tool would be convenient, it also would generate a trace log and it would be helpful with troubleshooting.
  The DirectAccess Client Troubleshooting Tool is a graphical application, based on the .NET Framework, which checks the health of a DirectAccess client by running various tests.  Built-in health tests: The following tests are currently implemented:
  Network interfaces Network location (NLS and NRPT DNS) IP connectivity (6to4, Teredo, IPHTTPS, entry point in a multisite setup, DNS) Windows Firewall (applied profile, Firewall outbound rules) Certificates (EKU Client Authentication, trust chain for AIA and
  CRL) IPsec infrastructure tunnel (Domain SysVol share) IPsec intranet tunnel (PING and HTTP probes) Additional features Run post-check script (PowerShell, VBScript, BAT or CMD file)
  Roger Lu
  TechNet Community Support

• Branch Office CME design Verification

  Hi All,
  Please refer to the attached network diagram.
  I need to verify this can be implemented and would work.
  We have a branch office moving to a new location and they intend to keep their existing CME (for business reasons),  provided by their local service provider with ISDN line for calls to the PSTN. This is managed by the service provider and we have no access to it. However we would like to grant them connectivity to the existing corporate voice network via an IP VPN connection, which shall be put in place soon. This will enable  the branch make site to site calls within the corporate network
  With a SIP trunk between the internal and external CME, I intend to make all the phones register with the Call Manager, however on the call manager , set a route pattern for calls going out to the PSTN from this branch back to the internal CME and this will then be matched by a SIP dial peer  directing the call to the external CME out to the PSTN.
  My worry is with the delay  that might be introduced when making a PSTN call as the internal CME has to first contact the call manager in order to know where to send the call.
  So my questions are as follows,
  1. Is this solution feasible especially in terms of delay? If not,
  2. Are there any other ways to achieve the same scenario
  Thanks,
  Yomi

  Are the phones at the branch office going to register to the Internal CME? If so, all configuration for outbound dialing will be done on the Internal CME, not on UCM. ie. dial-peer on the Internal CME for outbound dialing. For phone connectivity back to UCM, you will have a SIP trunk between UCM and internal CME and that is perfectly acceptable. You "might" see some quality degradation but that is to be expected from Internet based WAN connectivity. If your RTT delay is greater than 150ms, then you might see some quality issues.

• Branch Office Direct Printing - server offline?

  Hi All,
  We are implementing Branch Office Direct Printing and I have a question about when the server is down or, in the case of a WAN connection to/from the branch going down, the client being unable to reach the server.
  I could have sworn I originally read about Windows 8/2012 being smart enough to send the print job straight from the client to the printer in cases where it can't talk to the server, but now I seem unable to locate that information.  Is that indeed
  the case (hopefully)?
  Thanks,
  Wes

  Branch Office Direct Printing may benefit your organization in the following ways:
  Client      computers running Windows Server 2012 obtain printer information from the      print server, but send the
  print jobs directly to the printer. The print      data no longer travels to the central server and then back to the branch      office printer.
  The      printer information is cached in the branch office, so that if the print      server is unavailable for some
  reason (for example if the WAN link to the      data center is down), then it is still possible for the user to print.
  The      client computer renders the print job before sending it to the printer.      The major difference between Branch Office Direct
  Printing and Client-Side      Rendering (CSR) is that Branch Office Direct Printing does not send the      print job to the server. Instead the job is sent directly to the printer,      resulting
  in a significant reduction in network bandwidth usage when the      printers are centrally managed.
  Branch Office Direct Printing Overview
  http://technet.microsoft.com/en-us/library/jj134156.aspx

• Proper Configuration of DNS server for our new branch office

  Hi All,
  Our new office will setup a new branch office with a routed network link to our HO. In HO, we have 2 domain controllers configured as AD and DNS just for fail over scenarios.
  How will we configure the DNS server of our 3rd domain controller which we will placed in the new branch office. What would be the proper settings of DNS server integrated to AD to work well especially to have a successful replication and communication to
  the 2 DC's located in HO?

  Hi,
  If you have multiple DC's in that site i would recommend using any of the partner DC's IP addresses as preferred one and secondary DNS IP to pointing to itself. Dont use loopback addresses configure it with actual IP addresses.
  If you have only one server in branch office point itself as the primary DNS and HO DC as secondary and tertiary.
  Make sure that all clients in your branch site are pointing to the branch DC as primary DNS server.
  Regards,
  Rafic
  If you found this post helpful, please give it a "Helpful" vote.
  If it answered your question, remember to mark it as an "Answer".
  This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

• Internet Access through TMG for all HO & Branch office

  Dear Experts!,
  I am new to the Forefront TMG 2010. Have requirement to implement internet access.
  Head office : 192.168.11.x/24 (192.168.11.1 is the TMG server)
  Branch Office 1: 192.168.12.x/24
  Branch Office 2 : 192.168.14.x/24
  Branch Office 2 : 192.168.16.x/24
  Forefront TMG 2010 standard edition.
  Having 3 NIC's two have different ISP network addresses and one has 192.168.11.1.
  Branch office are connected using MPLS network, the requirement is all branch site internet must be accessed through TMG 2010 server which is homed in Head Office. How to achieve ?
  What needs to be done in external firewall and in TMG for enabling internet access.
  Thanks!
  Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.

  Hi Ganesh,
  Hope this helps
  1 - If you wish to give internet as Proxy to users.
  Ensure the Below subnet is able to reach TMG Internal Interface that is 192.168.11.1
  Subnet
  Branch Office 1: 192.168.12.x/24
  Branch Office 2 : 192.168.14.x/24
  Branch Office 2 : 192.168.16.x/24
  Configuration
  Enable Proxy in TMG and configure Proper Ports as per your requirements
  On the Client IE – Ensure you put Proxy IP as TMG and Port configured in TMG configuration.
  Enable a Rule
  Access Rule
  Source : Internal
  Destination : External
  Ports : HTTP / HTTPS
  Users : Authenticated Users
  2 As normal Internet as Gateway to users
  You need to request your MPLS provider to change the Default Route of below subnet to 192.168.11.1. By doing this, all the internet request from the below subnet to internet will hit TMG.
  Subnet
  Branch Office 1: 192.168.12.x/24 Default Route 192.168.11.1
  Branch Office 2 : 192.168.14.x/24 Default Route 192.168.11.1
  Branch Office 2 : 192.168.16.x/24 Default Route 192.168.11.1
  IF you have any L3 Switch then you can also make Default gateway as L3 for all the subnet and from L3 device point it to TMG
  Enable a Rule
  Access Rule
  Source : Internal
  Destination : External
  Ports : HTTP / HTTPS
  Users : All Users ( Important )
  Two ISP
  In network Rules : You need to use NAT
  You will have a Rule which NATS internal to  External
  On external - Choose which ISP interface should be used  and Apply NAT rule

• Clients Not seeing DHCP server at branch office or not accepting ip offers (NO LOG REPORTS KIND OF IN THE DARK)

  Hi there i am having an issue that has popped up recently i have a DC at a branch office that is connected to the main office DC via a Persistent Demand Dial connection in RRAS. Everything was working properly according to me until i found out that the Network
  Admin who manages the branch office network failed to notify me that client machines weren't getting IP addresses from the DHCP server. This server was recently installed and wasn't fully implemented till about a week ago when i configured the Demand Dial
  connection in RRAS up until that point it just had a regular old VPN connection to the main office while we worked out the kinks with a few things. the things ive tried so far to get DHCP working are as followed
  1.Rebooted the branch office server (MULTIPLE TIMES)
  2. Uninstalled the DHCP Role and re-installed it....To my surprise 1 client managed to get a ip on its lan adapter after DHCP was re-installed but nothing else
  3. Disconnected the connection between the main office DC and the Branch office DC as i figured the main office DC DHCP server might be interfering with the branch office DC DHCP Server but nothing happened 
  4. Unauthorized and Reauthorized the main office DHCP server and the branch office DHCP server nothing changed
  5. sifted through multiple log files on both servers and found noting in fact DHCP logs are empty on both servers
  6. restored backups of the DHCP servers from when they were working
  7. came here cause im out of ideas and im pulling my hair out
  here are the current statistics from the problem server
  Start Time: 7/12/2014 2:02:10PM
  Up Time: 1Hours, 18 Minutes, 41 Seconds
  Discovers: 90
  Offers: 90
  Requests: 2
  Acks: 13
  Nacks: 0
  Declines: 0
  Releases: 0
  Total Scopes: 1
  Total Addresses 253
  In Use 2 (0%)
  Available: 251 (99%)
  Id like to add that RRAS was getting IP addresses from the problem server up until the point i uninstalled the role and re-installed it
  heres is a ipconfig /all from the problem server
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : MNB-DC
     Primary Dns Suffix  . . . . . . . : VTEACR.LOCAL
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : Yes
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : VTEACR.LOCAL
  PPP adapter Remote Router:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Remote Router
     Physical Address. . . . . . . . . :
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.141.70.25(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.255
     Default Gateway . . . . . . . . . :
     DNS Servers . . . . . . . . . . . : 10.141.70.10
     NetBIOS over Tcpip. . . . . . . . : Disabled
  Ethernet adapter Local Area Connection:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
     Physical Address. . . . . . . . . : 00-16-35-AB-D3-05
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::d9e:daa4:34dd:db44%10(Preferred)
     IPv4 Address. . . . . . . . . . . : 10.141.80.102(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : fe80::226:5aff:feb7:5b3c%10
                                         10.141.80.1
     DNS Servers . . . . . . . . . . . : ::1
                                         10.141.80.102
     NetBIOS over Tcpip. . . . . . . . : Enabled
  PPP adapter RAS (Dial In) Interface:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : RAS (Dial In) Interface
     Physical Address. . . . . . . . . :
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 169.254.238.243(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.255
     Default Gateway . . . . . . . . . :
     DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                         fec0:0:0:ffff::2%1
                                         fec0:0:0:ffff::3%1
     NetBIOS over Tcpip. . . . . . . . : Disabled
  Tunnel adapter Local Area Connection* 8:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.{427DF66B-3B30-40B1-B67E-B5587465C
  394}
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 9:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
     Physical Address. . . . . . . . . : 02-00-54-55-4E-01
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 11:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.ziricom.com
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 12:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.VTEACR.LOCAL
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 13:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.{BE201060-A9B9-404A-8361-F8FFB82F5
  6F6}
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 14:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 15:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.VTEACR.LOCAL
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 16:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 19:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.ziricom.com
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  if anymore information is needed please let me know i have full access to everything on the network so its not a problem and i am able to remotely access the branch office DC and all computer and switches at any time of the day
  Viper Technologies Computer Repair Putting The Venomus Bite Back In Your Computer We Are Located In Antigonish ,NS Canada Check Us Out HTTP://WWW.VIPERTECHNOLOGIES.TK

  Hi,
  Does this issue occur on one client or multiple?
  Please check this article:
  http://technet.microsoft.com/en-us/library/cc757164(v=ws.10).aspx#BKMK_5
  Regards.
  Vivian Wang

• Auto deploying branch office printers with Direct Access

  Hello there
  I am implementing my first Direct Access topology and have a question. We will have branch offices with workstations deployed using Direct Access for administrative purposes. We have staff moving around from branch to branch with the goal to
  make logging on to the network and accessing resources for users as automated as possible. One of the questions I have regards auto configuring branch printers for users using Group Policy. The branch offices have workstations, printers and NAT modem/routers
  with DHCP - but no servers.
  If we have a stand alone network printer, how do we list that printer in Active Directory allowing the user to auto-configure it using group policy? If we install it on a server at Head Office, would the print job travel there first and then back to
  the branch? Obviously this is not ideal. Or can it be directed straight to the printer using a script or something?
  Alternatively we can install and share it on a branch workstation and list it in the directory, but would this not be same the problem as above? This is not ideal either as it would depend on the workstation being always on and available.
  Any input Direct Access gurus?
  Thanks in advance
  MIS5000

  Hi,
  Thanks for your post.
  We could have 2 possible solutions for natively deploy printers using Group Policy without the need for any scripting:
  1) Group Policy Preferences – available in Windows Server 2008 and later
  2) Print Management – available in Windows Server 2003 R2 and later
  http://blog.powershell.no/2009/11/08/deploying-printers-using-group-policy/
  Did you try to use the Print Management? You can share printers on a network and centralize print server and network printer management tasks using the Print Management Microsoft Management Console (MMC) snap-in. Print Management helps you to monitor print
  queues and receive notifications when print queues stop processing print jobs. It also enables you to migrate print servers and deploy printer connections using Group Policy.
  https://technet.microsoft.com/en-us/library/cc731857.aspx
  Meanwhile, if you have any Direct Access related issue, I think you may ask in network forums:
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverNIS
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• New Branch Office - High Security

  Hello
  we plan to have 5 branch offices each with around 40 users. All branches will be in different geographical locations. Best Security needs to be implemented in all branches. All services email, SAP, Portals are hosted in the HeadOffice Datacenter. Each Branch will have dedicated internet 5MB for Voice and DATA
  Guidelines for security  -
  ensure users cannot insert usb or cd on laptops /desktops
  laptops/desktops are allowed to access restrictive internet from Office
  Outside Laptops / Tablets not allowed to connect to network but allowed internet via wireless using Guest
  to access internet from home or Cafe users needs to connect to office VPN and then access from local Internet server (Proxy)
  vendors proposed following ;-
  3921 router for branch
  ASA 5510 for branch
  3945 router for HeadOffice ( VPN )
  Filtering - Web Washer - Mcafee
  Experts can advice what hardware will best fit on branches, what other devices I need to achieve the above goals
  Thanks
  Vishal

  Hello Vishal,
  I would recommend the following:
  For Branches:
  1-  Cisco : 2921 : Voice Licensed (you dont need a higher end above this series for 40 users).
  2-  Cisco ASA 5510: (This will be your Security appliance at each branch).
  For Head Quarter:
  1-  Cisco ASA 5520: (This Will be Your HQ Security Appliance).
  2-  Cisco 3925 or 3945 router (Voice Licensed).
  For Your Security Guidelines, here is my answers:
  ensure users cannot insert usb or cd on laptops /desktops
  FOr this purpose, you Can disable the administrative privelege on the Notebooks and PCs for All users and remove the software driver for thier USPs.
  laptops/desktops are allowed to access restrictive internet from Office
  FOr this Purpose, I would recommend using Cisco IronPort WebFiltering, it Can be easily Integrated with your Active Directory and Enforces all Filtering Policy you would require.
  Outside Laptops / Tablets not allowed to connect to network but allowed internet via wireless using Guest
  For this Purpose, I would recommend deploying Wireless LAN Controller at your HQ to have benefit and full advantage of managing your Wireless Infrastructure.
  to access internet from home or Cafe users needs to connect to office VPN and then access from local Internet server (Proxy)
  FOr this Purpose , I would also say Your Best Option is to have Remote Access VPN & (VPN Client) deployed at all employee's Notebook. Though, You Can have another Option which to have SSL-VPN deployed at your HQ, but this will have additional cost as its added value featured licensed per number of users.
  Let me Know if this answers your Question Or if you require additional assistance.
  Regards,
  Mohamed

• Head/Branch Office

  Hello Everyone,
  Can we implement the Head/Branch Office functionality in 6.0, I know it is readily available in EHP4. But we have a requirement in which we are in need to implement the concept of Head/Branch Office concept for our customer accounts which have a parent/child relationship.
  Do let me know if this is a possibility and if so how can I approach.
  Thanks,
  Kumar.

  I believe you have answered your own question.
  Yes you can use head office and branch accounts within collections management via Enhancement Package 4.
  I am in the process of writing an article about it at the moment, and have implemented it.
  Once you activated the enhancement pack and the business function set, you need to confirm how you want to use the new functionality.
  The current configuration where you assign a company code to collections management has been amended so you can select your requirements for collections management with branch accounts. (SAPLFDM_AR_CUST_VIEW)

• OSPF design for branch offices across MPLS

  Hello fellow networking engineers,
  I want to implement OSPF in our network. We have multiple branch offices, all linked to an MPLS backbone.
  I know that in order to get linked areas, I would need to setup GRE tunnels between them, but I want to avoid static/manual configurations as much as possible. With multiple sites, it would become cumbersome to create a mesh real fast.
  Is running OSPF independent areas at each site, and simply redistributing over eBGP a valid solution? This will host voice and data, and will failover to VPN connection (Cisco ASAs) if the MPLS goes down.
  For the VPN backup links, I thought of two options. Either simply using the default route to send everything to the ASA in case of MPLS "death", or inject routes using IP SLA...
  Any input would be appreciated.

  Marc
  You don't GRE tunnels to link your areas if that is what you want to do.
  If the SP supports it then you can exchange your OSPF routes between areas and they will still be seen as inter area routes rather than OSPF externals which they would if you simply treated each area as isolated from each other.
  In effect the MPLS network becomes an OSPF super backbone area and your main site would also be part of the backbone area with all your other sites having an area each.
  You still redistribute your OSPF routes into BGP but with some extra configuration on both your CEs and the SP PE devices.
  Like I say you would need to check with your SP but it is possible.
  Whether or not you need or want it I don't know.
  Your other option is as you have proposed to treat each OSPF area as an isolated one and simply redistribute into OSPF at each CE. Then within each site all non local routes would be seen as OSPF external routes.
  Either way in terms of backup I would keep it simple and use a default route at each site pointing to the ASA device. I can't see what you gain from IP SLA because if the main MPLS link goes down at any site the only other path they have out is via the ASA so there is nothing really worth tracking.
  The only other thing I would mention is remote site to remote site traffic. If there is any then presumably with your VPN tunnels you would be doing a sort of hub and spoke where the hub is the main site so you may need to think about traffic coming in from one VPN tunnel and going out to another VPN tunnel on the main site ASA.
  This would only really be needed if two or more sites had to use their backup links at the same time.
  In terms of which is better ie. OSPF inter area across the MPLS cloud or OSPF externals I can't really say to be honest. With the MPLS networks i have worked on we ran EIGRP and simply treated each remote site as an isolated AS.
  If you are already running OSPF then you may want to preserve your existing areas so it would make sense to go with the inter area option.
  If it is a new setup then I don't really know the pros and cons of either so can't really comment.
  Perhaps others may add to the thread with their thoughts.
  Jon

• Wlan controller and branch office AP (vlan config)

  Hi,
  Our wlan controller is located in HQ office and we have APs in branch office. Is it possible to implement two different SSIDs and they should be in two different vlans? So should we configure the AP trunk?
  REAP does not support IEEE 802.1Q VLAN tagging. As such, it does not support multiple VLANs. Traffic from all the service set identifiers (SSID) terminates on the same subnet, but H-REAP supports IEEE 802.1Q VLAN tagging. Traffic from each SSID can be segmented to a unique VLAN.
  Thanks

  Hello,
  As per your query i can suggest you the following solution-
  Yes, it possible to implement two different SSIDs and they can be in two different vlans.
  For more information please refer to the link-
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml
  Hope this will help you.

• Simulating small branch office in lab network

  Hi,
  I have to setup what seems to be a very basic configuration, but it doesn't work.
  In our lab there is a cluster of switches with a 3550 that does all the routing for vlans.
  I need to simulate a sort of a small branch office that has one connection
  to the outside world (the lab network).
  Here is my design:
  Vlan 230 (the internet)
  A port on 3550 is in vlan 230 and is connected to e0/0 (172.26.230.150) on 2611 router.
  e0/1 interface on a 2611 is (192.168.1.1).
  A PC is connected to e0/1 (192.168.1.12).
  From the router I can ping any host on vlan 230 and other vlans,
  I can also ping the pc connected to e0/1.
  However from the PC I can only ping 192.168.1.1(e0/1) and 172.26.230.150 (e0/0)
  Below is my configuration
  Thanks for your help.
  R2611-1#sh run
  Building configuration...
  Current configuration:
  version 12.0
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname R2611-1
  ip subnet-zero
  ip dhcp excluded-address 192.168.1.1 192.168.1.9
  ip dhcp pool 192.168.1
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
  interface Ethernet0/0
  ip address 172.26.230.150 255.255.255.0
  no ip directed-broadcast
  no ip mroute-cache
  no mop enabled
  interface Ethernet0/1
  ip address 192.168.1.1 255.255.255.0
  no ip directed-broadcast
  no ip mroute-cache
  ip classless
  ip route 0.0.0.0 0.0.0.0 172.26.230.1
  ip http server
  no scheduler allocate
  end

  You are not performing nat on the router.
  This is typically required on a box which provides internet connectivity.
  Probably the other hosts on vlan 230 have no route back to the pc on 192.168.1.1
  Configuring nat on the router will resolve this problem.
  regards,
  Leo

• Small branch office network

  We have a small branch office (7 users) that will be moving to a building that has a Wireless Residential Gateway (Model: DPC3829).  This device provides wifi for 2 other tenants on the same floor.  Can we connect another wireless router to this wireless residential gateway device and create our own SSID so that we don't have to use the wifi settings that the other 2 tenants connect to?  
  I've attached a picture of what the back of the DPC3829 currently looks like.  I am thinking I can plug that yellow network cable into another wireless router and create our own wireless network (obviously off of their internet connection) for our 7 users. 
  Thank you for your help.

  u may but any plane wireless device and run it in bridge mode (shouldd run by default i beleive). Then connect one of its lan port to any one of the lan ports available on the DPC3829 thing.
  you are correct in what you want to do, and it can be done no problem.
  Regards
  Please mark answer as correct if it helps.

• VPN CLient TO access HO through BRanch office

  We have a branch office using cisco 1841 , which makes vpn to HO (ASA 5505)
  , both (1841 and asa )have VPN CLient Configured .we need Branch office VPN software client users to Connect to HO netword.i have tried but iam missimg out some where. I've attached some configs of both devices.can any one help ASAP.

  Here is the URL for the Configuring and Managing Connection Entries for the VPN follow the steps for configuration which will help you :
  http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_chapter09186a008015e271.html