Site to Site VPN connection for two Domain Controllers

I need to set up a site to site vpn connection using 2 pix 500 series firewalls to connect 2 domain controllers. Once the site to site vpn is established, do the servers automatically see each other for replication?
Thanx.

My Active Directory guy has taken a good look at a small site-to-site VPN setup that I'm having a BIG problem with, and his answer is "They're supposed to." He said that as long as DC#2 (in the remote office) has the ability to resolve DNS for DC#1 (in the primary office) then the two should automatically replicate.
I have a two-office IPSec site-to-site tunnel between two 831's running 12.4.11T (soon to be upgraded to the latest 11T or even 15T1). XP SP2 machines in the remote office have full visibility back to the shares in the central office, and pings and nmap scans work perfectly in either direction, but my newly-added DC#2 in the remote office isn't replicating back to DC#1 (the original DC for the environment). I ran a full nmap scan from the central office against DC#2, and can see all of the expected ports/services open (e.g. 389(LDAP), 445 (msds), 135, 137, 3389, etc) but I can't view shares on DC#2 (or any other PC in the remote office) from the central office. Again, DC#2 and remote office PCs have no problem seeing shares back at headquarters.
Sorry for not being more helpful - hopefully someone out there can shed more light on the topic. If not, I'm going to call it into TAC and I'll let you know.
But again, from an Active Directory perspective this should 'just work' so it seems that either the IPSec tunnel or perhaps the "ip inspect" IOS CBAC firewalls are getting in the way.
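
A pre-check for the situation described above, where a scan shows the fixed ports open but replication still fails. This is an added example, not part of the original posts: the host and domain names are placeholders, and it assumes it is run on DC#1 toward DC#2 from a Windows host with PowerShell 3.0 or later, the DnsClient module (Windows 8 / Server 2012 or later) and the AD DS tools (repadmin, dcdiag) installed.

```powershell
# Added example. Run on DC#1 (central office) toward DC#2 (remote office).
# 'dc2.example.local' and 'example.local' are placeholders, not names from the thread.
param(
    [string]$RemoteDC  = 'dc2.example.local',
    [string]$Domain    = 'example.local',
    [int]   $TimeoutMs = 3000
)

# Fixed TCP ports a replication partner must reach on a DC. Port 135 is only the
# RPC endpoint mapper: replication itself then moves to a dynamic port
# (49152-65535 by default on Server 2008 and later, 1025-5000 on Server 2003),
# so "135 open" in a scan does not prove the firewall passes replication traffic.
$FixedPorts = @(
    @{ Port = 53;  Service = 'DNS (if the DC hosts DNS)' },
    @{ Port = 88;  Service = 'Kerberos' },
    @{ Port = 135; Service = 'RPC endpoint mapper' },
    @{ Port = 389; Service = 'LDAP' },
    @{ Port = 445; Service = 'SMB (SYSVOL and shares)' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # Timed out: typical of a firewall silently dropping the SYN.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. DNS: can this DC find its partner through the DC locator SRV records?
try {
    $srvTargets = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        ForEach-Object { $_.NameTarget.TrimEnd('.') }
} catch {
    $srvTargets = @()
    Write-Warning "SRV lookup for $Domain failed: $($_.Exception.Message)"
}
$registered = $srvTargets -contains $RemoteDC
Write-Output ("{0} registered in _msdcs SRV records: {1}" -f $RemoteDC, $registered)

# 2. Fixed ports, tested in the direction that is failing (central -> remote).
$FixedPorts | ForEach-Object {
    [pscustomobject]@{
        Port      = $_.Port
        Service   = $_.Service
        Reachable = Test-TcpPort -ComputerName $RemoteDC -Port $_.Port -TimeoutMs $TimeoutMs
    }
} | Format-Table -AutoSize

# 3. A real RPC bind and the replication status. These exercise the dynamic
#    RPC port, which the fixed-port test above cannot see.
if (Get-Command repadmin.exe -ErrorAction SilentlyContinue) {
    repadmin /showrepl $RemoteDC
    dcdiag "/s:$RemoteDC" /test:Connectivity
} else {
    Write-Warning 'repadmin/dcdiag not found; install the AD DS management tools.'
}
```

If every fixed port is reachable but step 3 reports RPC errors, look at how the tunnel ACLs and the inspection firewall treat the dynamic RPC port range in the central-to-remote direction.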

Similar Messages

  • Losing connection to the Domain Controllers at a remote site

    We have a remote site with an IPsec tunnel for a site to site connection and there are about a dozen Windows 7 systems on site.  Every 3 to 5 weeks, the systems start to lose the ability to log into the domain.  Running some tests, the DNS names
    keep resolving, their subnet is setup in Sites and Services to the group with the DC's and they are setup correctly for IP settings but seems like they still can't connect back to the DC's.  From there, under network profiles, it says the domain network
    is unauthenticated.  
    The only way we have found to fix this is to dis-join the computer from the domain and rejoin it.
    Is there a way from the computer to force it to re-authenticate without having to do this or a better fix?

    Hello Technsopyder,
    Do you mean all the Windows 7 systems that use IPsec lose connection to the Domain Controllers every 3 to 5 weeks?
    Do you receive the error code 5719 and 3210? Could you please provide the whole error message?
    Please check if you need to change the password before this issue as Brano Lukic mentioned.
    Best regards,
    Fangzhou CHEN
    TechNet Community Support

  • Same Connection for two PreparedStatements?

    Dear Experts,
    Is it better to use two connections for two different PreparedStatements ?
    Let me elaborate:
    I have to iterate in a loop & for each iteration I need to
    a) Select a row.
    b) Possibly update that row depending on some condition.
    My question is:
    Do I use only one connection, & then use the select & update (one after the other) on the same connection,
    Or do I use two different connections & have two separate preparedStatements & just execute them each time in the loop?
    Thank you for your anticipated responses.
    Sandeep

    Here is how I would approach this issue:
    In the database table, I would add another column called 'version'. When the record is first inserted into the database, I would set version=1. Each time the record is updated, I would increment version by 1 (example: 2, 3, 4, etc).
    Now, in your program, I would open a connection, then I would read in all the records at once (via a query) into an array. I would not read in all the fields from each record, just read in the fields you need to examine, plus read in the 'version' field. Close the resultSet and preparedStatement since you don't need them anymore for the query because you transferred all the data into the array.
    Next, I would use the same connection to create a new preparedStatement for updating. Loop through the array looking for a record you need to update. If you find one, I would update the record but add to the sql's 'where' clause a test to ensure the record has not been altered since the last time it was updated (check the 'version'). Example:
    update person set firstName='Joe', version=(23+1) where version=23
    Where '23' came from the 'version' you stored in the array you previously read in. If the update returns with a '1', it
    was updated successfully. If it returns '0', the record was updated while you were evaluating the record. If that happens, take whatever action you think you need to take. Note there is no need to set up a transaction.

  • Connect two domain controllers to SAN storage

    Hi everyone
    I have primary and secondary domain controllers, I want to connect them to SAN storage as a cluster, I tried to configure Failover Clustering on them, but when adding them both to the Create A Cluster Wizard, I receive the following error (see the link)
    http://s14.postimg.org/lssjm2vu9/Screenshot_1.png
    so, is there any solution for this error, or may be there is another way to connect both DCs to the storage as cluster.
    any help will be appreciated,

    Hi,
    as I know this configuration is not supported.
    http://support.microsoft.com/kb/2795523/en-us
    Regards
    Guido

  • FTP Connection for Two Local Sites Needed

    v1 of my html5 pages successfully loaded onto the ISP server. The pages were done in a hurry without a lot of CSS thought. v2 corrects that but I'm unable to ftp to the server. I'm not clear why I can't just select which local site to connect with. Server connection from the first local site worked just fine, then, 30 seconds, later local site v2 can't find the connection.

    I'm assuming you have two different site definitions set-up in DW.  One for Site1 and another for Site2.  Whichever one is giving you grief, try toggling passive FTP on/off. You'll find it under Servers > More Options.  See screenshot.
    Nancy O.

  • Setup router to router VPN connecting 2 windows domain networks via 2 RV042 routers

    I am using 2 RV042 routers.  I have created a point to point VPN with Remote Security Group Type= Subnet, using the default IPSec settings. 
    Under advanced settings-  Aggressive Mode, Keep Alive enabled.
    Location A- SBS 2011 standard, Servername=SBSServer, Domainname = Smallbusiness.Local, IP address 10.1.10.50
    DHCP range 10.1.10.100 to 10.1.10.175.  DNS and Print services. No WINS.  
    Location B- Server 2008 R2, Servername=SBSServer, Domain name=Smallbusiness.Local, IP address 192.168.10.50
    DHCP range 192.168.10.100 to 192.168.10.175,  DNS, Print Services and Remote Desktop Services.  No WINS
    I am wondering 2 things.  Can I setup the VPN tunnel to route traffic between the 2 networks without changing the server names.  Leaving the servernames the same.  I have it setup that way but also had netbios broadcast enabled.  If I disable netbios broadcast will that be enough for these networks to be independent of each other.  I was hoping not to have to rename the domain and there are advantages to having the same user and domain name when mapping drives between networks.  I have not needed to authenticate those drives or provide credentials for printing either. 
    2) Should I change the domain name so that each network has a unique domain name or, if I change the servername of the 2008 R2 server will that essentially solve my network issues, the primary issue being that location b has clients that occasionally can not find the 2008 R2 domain controller.  After a restart they usually resolve to the correct domain controller.
    Essentially what I am asking is what are the best practices to connect 2 separate Windows domain networks via a VPN and have those networks capable of file sharing to each other's domain server and printing to the network printers at both locations.
    Should I have separate domain names-
    Should I have separate server and computer names-

    "reserved not zero on payload" generally means your pre-shared keys don't match. Try removing the "crypto isakmp key ...." line and retyping it in again on both sides. In particular DON'T cut/paste it from one router config into another, this quite often puts a space character onto the end of the key, which the router interprets as part of the key and they therefore don't match.

  • Licensing for two domain servers

    Hello all,
    I have (so far) one Windows Server 2012 R2 Foundation acting as a domain controller. We are planning on adding second DC (within same domain/tree/forest) as a redundant server. Servers are used only for direct access within LAN (same subnet/VLAN, no terminal,
    no Hyper-V). Will number of CALs add up (to 30 CALs) or do I still have only 15 CALs ?
    Thanks in advance for Your response.
    Regards

    Thanks for Your answers.
    I don't think I understand You correctly.
    1. Server Foundation comes with 15 CALs
    2. I'd like to get a second server for redundancy in my office domain. 
    3. It would be second machine with separate install of WinSrv2012R2 (same version, but different CALs).
    4. Both come with 15 CALs each (this is standard for Foundation)
    SO QUESTION IS:
    Even if I have second install do I need additional CALS if I have 20 users?
    diramoh -
    1. Does that mean I need to buy additional CALs if I have 20 users and TWO WinSrv2012 Foundations
    2. If so Why do I need Standard Edition, why not only Essentials?
    3. What about using one DC with 15 CALs per server and other DC with 15
    per seat
    Thanks again for Your help, support and answers.
    Regards,
    ~V...

  • ACE: Single SSL Cert for two domains with same VIP

    At present I have a design that will use individual SSL cert per domain and link both certs to (two or one) serverfarm.
    policy-map multi-match popvip_01
    class POP_VIP01
    loadbalance vip inservice
    loadbalance policy POP-POp3_PMT or popPMT1
    loadbalance vip icmp-reply
    ssl-proxy server GINPOP_SSLPROXY
    connection advanced-options TCP_PARAM_Y
    class POP3_VIP02
    loadbalance vip inservice
    loadbalance policy POP-POp3_PMT or POPPMT2
    loadbalance vip icmp-reply
    ssl-proxy server GINPOP3_SSLPROXY
    connection advanced-options TCP_PARAM_Y
    however,
    if I can get one single certificate to process both pop and pop3 domains, that use the same VIP/port, and if this will work with ACE, i'm inclined to design using this alternative.
    ie,
    pop.mydomain.com = 10.10.10.1 995
    pop3.mydomain.com = 10.10.10.1 995
    Any suggestions would be appreciated.

    Hello,
    In order to achieve this then you will need to order a wildcard certificate ie
    *.mydomain.com
    These certificates are more expensive and so you will probably find it cheaper to buy two certificates than one wildcard certificate.
    Regards

  • I downloaded an album and it said it failed to connect for two of the songs i purchased and put a ! by the songs ,how do i get them without having to buy them again

    has this happened to anyone else

    do these steps
    -first contact iTunes store to have them clear the bad songs from the download queue
    -after that restart the computer and the will disappear along with the bad songs
    -and then follow this article Download previous purchases

  • Two Domain Controllers with the Same Name

    So I was working on setting up our new branch office DC. Anyway, the server failed to join the domain the first time because it upgraded the AD schema (This was our first 2012 R2 server) and the schema wasn't synced to all the other remote offices. So I
    forced a sync, joined the server as a workstation, then made it a domain controller.
    Anyway, after that the server would show itself as a DC in Active Directory, but all the other servers believed it was just a workstation. So, I removed Active Directory from the server (I had to force the removal). I reset the computer account on the local
    DCs, then rejoined it to the domain and made it a domain controller again. This time, it appeared as a Domain Controller on the other DCs in the domain.
    Now for the issue --- I've now got two objects for the server under AD Sites and Services. One of them doesn't appear to have any AD DS connections. The other has connections, but not all of them work correctly (I get errors when I tell certain connections
    to sync).
    What should I do to fix this?
    I'm still in the setup phase of this, so I can do anything I want with this particular server. I was thinking I would demote from a Domain Controller, remove it from the domain. Then use ntdsutil to cleanup any other metadata that is hanging around in AD (Something
    like: https://support.microsoft.com/KB/216498?wa=wsignin1.0 )
    Does anyone else have suggestions on what I should do to fix this? --- I'm being overly cautious here as I do not want to mess anything up in Active Directory.
    Thanks!
     

    I have not done a metadata cleanup.... I was asking if I should.
    The connections on the valid server appeared to be working before I deleted them (Maybe it took a while to replicate ? )
    So I went through and deleted all the AD Sites and Services connections from both servers (The broken server had 5 connections to the same DC in another site). Anyway, I ran repadmin /kcc and it regenerated a connection to a server in the remote site, but
    it also generated a connection between the two servers with the same name. I ran dcdiag after I did the repadmin /kcc. Anyway it shows:
    Directory Server Diagnosis
    Performing initial setup:
    Trying to find home server...
    Home Server = DC-01-CLE
    * Identified AD Forest.
    Done gathering initial info.
    Doing initial required tests
    Testing server: Cleveland\DC-01-CLE
    Starting test: Connectivity
    ......................... DC-01-CLE passed test Connectivity
    Testing server:
    Cleveland\DC-01-CLE\0ACNF:203cf49f-8cb3-4915-b122-be31ddd6e10e
    Starting test: Connectivity
    [DC-01-CLE\0ACNF:203cf49f-8cb3-4915-b122-be31ddd6e10e]
    DsBindWithSpnEx() failed with error 5,
    Access is denied..
    Got error while checking LDAP and RPC connectivity. Please check your
    firewall settings.
    DC-01-CLE\0ACNF:203cf49f-8cb3-4915-b122-be31ddd6e10e failed test
    Connectivity
    Doing primary tests
    Testing server: Cleveland\DC-01-CLE
    Starting test: Advertising
    ......................... DC-01-CLE passed test Advertising
    Starting test: FrsEvent
    ......................... DC-01-CLE passed test FrsEvent
    Starting test: DFSREvent
    ......................... DC-01-CLE passed test DFSREvent
    Starting test: SysVolCheck
    ......................... DC-01-CLE passed test SysVolCheck
    Starting test: KccEvent
    A warning event occurred. EventID: 0x80000785
    Time Generated: 12/15/2014 09:58:02
    Event String:
    The attempt to establish a replication link for the following writable directory partition failed.
    A warning event occurred. EventID: 0x80000785
    Time Generated: 12/15/2014 09:58:02
    Event String:
    The attempt to establish a replication link for the following writable directory partition failed.
    A warning event occurred. EventID: 0x80000785
    Time Generated: 12/15/2014 09:58:02
    Event String:
    The attempt to establish a replication link for the following writable directory partition failed.
    A warning event occurred. EventID: 0x80000785
    Time Generated: 12/15/2014 09:58:11
    Event String:
    The attempt to establish a replication link for the following writable directory partition failed.
    A warning event occurred. EventID: 0x80000785
    Time Generated: 12/15/2014 09:58:11
    Event String:
    The attempt to establish a replication link for the following writable directory partition failed.
    A warning event occurred. EventID: 0x80000785
    Time Generated: 12/15/2014 09:58:11
    Event String:
    The attempt to establish a replication link for the following writable directory partition failed.
    A warning event occurred. EventID: 0x80000785
    Time Generated: 12/15/2014 10:03:37
    Event String:
    The attempt to establish a replication link for the following writable directory partition failed.
    A warning event occurred. EventID: 0x80000785
    Time Generated: 12/15/2014 10:03:37
    Event String:
    The attempt to establish a replication link for the following writable directory partition failed.
    A warning event occurred. EventID: 0x80000785
    Time Generated: 12/15/2014 10:03:37
    Event String:
    The attempt to establish a replication link for the following writable directory partition failed.
    ......................... DC-01-CLE passed test KccEvent
    Starting test: KnowsOfRoleHolders
    ......................... DC-01-CLE passed test KnowsOfRoleHolders
    Starting test: MachineAccount
    ......................... DC-01-CLE passed test MachineAccount
    Starting test: NCSecDesc
    ......................... DC-01-CLE passed test NCSecDesc
    Starting test: NetLogons
    ......................... DC-01-CLE passed test NetLogons
    Starting test: ObjectsReplicated
    ......................... DC-01-CLE passed test ObjectsReplicated
    Starting test: Replications
    ......................... DC-01-CLE passed test Replications
    Starting test: RidManager
    ......................... DC-01-CLE passed test RidManager
    Starting test: Services
    ......................... DC-01-CLE passed test Services
    Starting test: SystemLog
    A warning event occurred. EventID: 0x00001795
    Time Generated: 12/15/2014 10:03:37
    Event String:
    The program lsass.exe, with the assigned process ID 600, could not authenticate locally by using the target name LDAP/a23a13d0-8434-4344-bd6b-24fdf5576329._msdcs.mydomain.local. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.
    ......................... DC-01-CLE passed test SystemLog
    Starting test: VerifyReferences
    ......................... DC-01-CLE passed test VerifyReferences
    Testing server:
    Cleveland\DC-01-CLE\0ACNF:203cf49f-8cb3-4915-b122-be31ddd6e10e
    Skipping all tests, because server
    DC-01-CLE\0ACNF:203cf49f-8cb3-4915-b122-be31ddd6e10e is not responding to
    directory service requests.
    Running partition tests on : DomainDnsZones
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test
    CrossRefValidation
    Running partition tests on : ForestDnsZones
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test
    CrossRefValidation
    Running partition tests on : Schema
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Running partition tests on : Configuration
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Running partition tests on : mydomain
    Starting test: CheckSDRefDom
    ......................... mydomain passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... mydomain passed test CrossRefValidation
    Running enterprise tests on : mydomain.local
    Starting test: LocatorCheck
    ......................... mydomain.local passed test LocatorCheck
    Starting test: Intersite
    Doing intersite inbound replication test on site Cleveland:
    ......................... mydomain.local passed test Intersite
    I've attached a screenshot of AD Sites and Services. Please note I've erased some info for privacy reasons (The site the other DC is in has been erased as well as part of its name).
    Picture of AD Sites and Services

  • Enable Site to Site VPN option in Windows Azure Network on existing VNET

    Hi Experts,
    There are two separate subscriptions in Azure in which we have already VNET created, on the same VNET there is no site to site vpn option enabled, so I have different scenarios as below along with questions related to this.
    I will create two VNET in one subscription (We will use IaaS nothing else) named VNET1 and VNET 2, VNET 1 will be used for external web sites which is why we do not want to enable communication with VNET2, VNET2 will have a site to site VPN established with
    our on premises, VNET1 has its own Active Directory and VNET 2 will have its own Active Directory (I am not talking about Windows Azure Active Directory) these Active Directories has nothing to do with each other. Currently we will go with this design (I hope
    there is nothing wrong in it), for VNET 1 we will use 192.168.16.0/24 and VNET we will use 192.168.0.0/24. In the future we might need both VNET to communicate with each other, which means we will need to connect VNET to VNET communication, my questions are
    1. Can we enable site to site vpn option once the vnet is created as VNET 1 is not created using site to site vpn option enabled.
    2. If it is possible then how to enable it as I do not see the option available
    3. If it is not possible then how to design VNET1 in a way that currently it would not communicate with VNET 2 as well as in the future we would enable communication between VNET1 and VNET2 by creating the site to site vpn between VNET1 and VNET2.
    4. lets say that VNET 2 is already enabled for site to site VPN with our on premises and once it is required to create site to site vpn between VNET 1 and VNET 2, where site to site vpn of VNET2 with our on premises should remain
    same as well as we will add one more site to site vpn between VNET2 and VNET1 is it possible, if yes would it break the VNET2 site to site vpn with on premises or it would only connect with one either on premises or VNET1.
    5. What if in the future we want to enable VNET to VNET vpn connection between two subscription where we already have a VNET 2 which is connected with on premises as well as with VNET1 and we now want VNET2 to connect with another VNET in another subscription
    as well as we would like to have a communication / connectivity as below
    VNET2 with VNET in another subscription
    VNET2 with VNET1
    is it possible with question number 5 and we should not lose connectivity between any of the Vnet or vnet to on premises. Of course I know that network should not collapse with each other.
    6. by achieving question number 5, VNET from another subscription can communicate with our on premises network through VNET2 and VNET from another subscription can also communicate with VNET1 through VNET2 as well as VNET2 and VNET 1can communicate with
    VNET from another subscription and VNET1 and VNET 2 can also communicate with another subscription's on premises network using VNET, please correct me if I misunderstood some thing as well as how this will be achievable by adding network ips of each network
    on local network option of each VNETs.
    I hope it is not too complicated.
    Thanks
    If answer is helpful, please hit the green arrow on the left, or mark as answer. Salahuddin | Blogs:http://salahuddinkhatri.wordpress.com | MCITP Microsoft Lync

    Knock Knock some one there, can some one please answer the question

  • Connecting two remote LANs through a VPN connection

    1) I am trying to interconnect two LANs as you see below.
    2) The scenario is to interconnecting two LANs with a single domain “domain.local” in order to have two domain controllers backing up each other. We already have a Domain Controller “SRVDC1.domain.local” in our local network “LAN1” and another Server which is going to be as both our secondary domain controller and VPN Server “SRVDC3.domain.local” in our remote network “LAN2” where is the Netelligent Network. I am trying to make these two servers (our two LANs) visible to each other by a MikroTik Cloud Router Switch solution.
    3) I am using a MikroTik Router as a PPTP Client to VPN to our Remote Server SRVDC3 (87.75.45.66/29).
    4) All the computers in LAN1, including Server SRVDC1, have a gateway set on “192.168.10.1” which is a Asus WiFi Router as a core switch which is connected to our Fiber Optic Translator.
    5) To prevent and minimize any down-time risk during the configuration, I have isolated one computer “table2pc5.domain.local” as sample of the whole network; by changing its gateway set to 192.168.10.6 (the Ether3-Slave-Lacal-interface on the MikroTikRouter). I am going to replace the “Asus WiFi Router” shown in the map, by the MikroTik Router later, after making sure that everything would work properly, so, everything is going to be naturalized after.
    6) My solution simply can be explained as below:
       a. Providing another interface in addition to “Netelligent Network” adapter.
       b. To assign a LAN-based IP (in network range 192.168.10.0/24) to the added adapter (Microsoft Virtual Adapter)
       c. Configuring SRVDC3 in Netelligent network “LAN2” as a Remote Access Server (VPN Server).
       d. To provide a MikroTik Router/Firewall on the Edge of the LAN1 as VPN Client.
       e. Configure MikroTik Router VPN PPTP connection to SRVDC3 via the Internet.
       f. To have two LANs connected through a permanent VPN connection.
    7) IP Addresses for the three EDGE-Devices (SRVDC1 ↔ MikroTik Router ↔ SRVDC3) are as below:
       a. SRVDC1:
          Interface: Local Area Connection; IP Address: 192.168.10.2/24; Gateway: 192.168.10.1/24 (Asus WiFi Router)
          DHCP Server Pool: 192.168.10.1 – 192.168.10.254 (exclusions 10.1-10.50 , 10.50-10.99 , 10.200-10.254)
       b. MikroTikRouter:
          Interface: Local IP; IP Address: 192.168.88.1/24
          Interface: Ether1-gateway-master; IP Address: 192.168.0.1/24
          Interface: Ether2-master-local; IP Address: 192.168.88.1/24
          Interface: ether3-slave-local; IP Address: 192.168.10.6/24
          DHCP Server Pool: 192.168.10.1 – 192.168.102.254
       c. SRVDC3:
          Interface: Netelligent Network; IP Address: 87.75.45.66/29; Gateway: 87.75.45.65/29
          Interface: Microsoft Network Adapter; IP Address: 192.168.10.50/24; Gateway: 192.168.11.1
          Interface: PPP Adapter RAS; IP Address: 192.168.11.1/24; gateway:
    8) The node “table7pc2.domain.local” is not able to see
    Now, I would ask you to help me to realise this solution by helping me to find the Bad-Routing problem, and letting me know how to fix it.
    What NAT / route paths or any configuration do I need to make these two LANs visible and recognizable to each other?
    I would introduce you critical nodes which play important roles in this configuration. I have tried to colour-mark them in order to have a better recognition once you take a look at the “Ping Result” table.
    The “Ping Result” table would give you an idea which nodes are able to see which others and where does problem hide itself?

    I got my own answer :D
    1) I have to right-click on my "Routing and Remote Access" Server.
    2) on IPv4 tab, I should define a static IP Pool. I had it done before; but since that I had chosen a wide range as 192.168.11.0/24, every time the router was taking a different IP address; so I should define a very small pool with two 2
    nodes as 192.168.11.1 and 192.168.11.2. In this way, I'll have the local address (router) as 192.168.11.2 and the remote address (my remote server) as 192.168.11.1
    3) After establishment of the PPTP connection successfully, I should add an static route to the "Netelligent Network" adapter. I had it done but in the RRAS routes, so that's why it didn't work. so:
    C:\SRVDC3>_ route -p add 192.168.10.0 mask 255.255.255.0 192.168.11.2
    [Enter]
    Now, I would be able to ping all of the computers whose gateways are set on 192.168.10 (router)
    and if I want to see all of the computers at the first LAN, I have to put my router at the edge of the network, instead of the ASUS WiFi Router, then change its IP address to 192.168.10.1 or alternatively set all of the computers' gateways on 192.168.10.6.

  • Setting up PIX515E VPN for two networks

    Hello,
    We have a PIX515E and I want to set it up so it can serve client VPN connections for a network on the inside interface and also for a network on the dmz interface.
    On a client machine we set up the ip address of the PIX in a VPN connection and the user can log on using credentials and domain. Now the PIX has to look up credentials using RADIUS, but some users are known on domain A (inside interface) and some users are known on domain B (dmz interface). Domain B is completely different and uses other internal ip addresses, dns servers, ip pool etc.
    Already I have set up VPN for the inside interface and that was easy and it works ok.
    But can I create such a configuration? We only have one DSL line and we want both networks (domain A 192.168.1.x and domain B 192.168.10.x) to go through this PIX.
    Your help is more than appreciated!
    Regards,
    Frank

    rob,
    i don't know your budget requirements, but here is a relatively easy solution:
    http://www.apple.com/server/macosx/features/networkingvpn.html
    and here is an OSS solution that will take a bit more work (but should run on an older box with bsd, linux, or os x running on it):
    http://openvpn.net/
    cheers,
    b

  • Need to change reconfigure vpn connection due to new ip address

    My current situation is that I have 8 ASA site to site VPNs connected together. My company is changing ISP providers and we won't be using the same IP address anymore on two of the sites. I know I have to change the outside IP address on the ASA for the two sites but how do I configure the VPN with the new IP address? Do I need to configure ASA again from scratch and use the VPN wizard to connect all my sites? And if I do have to configure from scratch how do I remove the old tunnel and IP address from the other ASA?

    To remove the configuration for an existing tunnel from CLI:
    clear configure tunnel-group
    clear configure crypto map
    clear configure access-list
    Yes, you have to configure ASA for new tunnels from scratch.
    -Kanishka

  • Windows 8.1 Pro Cannot Connect to Domain Controllers through Wi-Fi

    I have a domain joined Surface 2 Pro running 8.1 Pro Update that is suddenly unable to connect to the domain controllers on the local network. The machine is fully patched. I'm guessing that it is some network level security issue because the wi-fi is working:
    It has no trouble connecting to my Wi-Fi hotspot on my phone.
    It has no trouble connecting to other Wi-Fi at coffee shops etc.
    It is connecting to my home Wi-Fi and gets an address from DHCP on the domain controllers, but can't ping the DCs, access the DCs through remote desktop even using their IP address.
    It can ping the router and ping systems on the internet using their IP address rather than hostname.
    I can fully access internet systems if I point it at DNS on the router but still cannot access internal systems by name or IP address.
    The Wi-Fi network shows as a public network rather than a domain.
    It will work fine when it is docked and using the dock's ethernet adapter.
    If I use VPN to loop back through my router then I am able to fully access local systems.
    None of the other systems on the network are experiencing the same issue.
    I have tried the following which didn't work:
    Switched off the Windows Firewall on the Windows 8.1 system and a domain controller.
    Network Troubleshooting - which told me that the network seems OK but the DNS servers are not responding.
    Uninstalling the Wi-Fi device and restarting the system to re-install it.
    Resetting TCP/IP.
    I am not aware of any changes, but the system did install System Hardware Update 8/07/2014 (again!) but I can't recall if that was when the problem started or was just a coincidence.
    Any suggestions?
    Thanks,
    Richard
    Richard-F

    Hi Richard,
    Apologize for my slow understanding.
    I thought as it could obtain IP address from the DC, it should have connections between them.
    For the current situation, you may take a try to disable the firewall on the DC, then check the port that used by AD environment is all available,
    Active Directory and Active Directory Domain Services Port Requirements, you could take use of this tool:
    PortQryUI - User Interface for the PortQry Command Line Port Scanner
    If all available and issue still insists, then issue here seems to be restricted with the wireless router. You may try to contact the router side and see if they could offer any further useful information regarding this situation.
    Best regards
    Michael Shao
    TechNet Community Support
