I am new to PIX. My query is: I want to have a single Windows NT domain which should span both the internal network and the DMZ. What should the config be, and what should the placement of domain controllers, WINS servers, etc. be on either side of the firewall?
Well, what you can do is have the NT domain and WINS servers, i.e. on the internal network. Now for your DMZ machines to have the same domain, you need to open a few ports for those DMZ servers to your NT domain controller, like UDP 137, 138 and TCP 139. As you know, by default everything is closed from lower security to higher. If you need help with commands and config, let me know. I can help you with it.
Thanks Shabib. Tell me one more thing.
Do I need to set up a WINS server in the DMZ also? It will also be helpful if you can provide me with some sample configs.
I have domain controllers and an Exchange server on my 'inside' Ethernet. Generally, stuff that sits 'outside' NT servers with external connections, i.e. proxy server, fax server, routers, etc. ... You will need to add permitting conduits to your PIX to allow the two sets of servers to talk. Good luck!
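
Added example, not from any poster in this thread: a PIX configuration fragment in `static`/`conduit` syntax that opens only the three ports named in the reply above (UDP 137, UDP 138, TCP 139), and only from one DMZ server to one inside domain controller. The interface name `dmz` and both IP addresses are constructed placeholders.

```cisco
: Added example with constructed values (assumptions, not from the thread):
:   inside domain controller / WINS server : 10.1.1.10
:   DMZ member server                      : 192.168.50.20
:   DMZ interface name (nameif)            : dmz

: Identity static: the DMZ (lower security) can only reach an inside host
: that has a static translation. Mapping the DC to its own address keeps
: the address the DMZ server uses for it unchanged.
static (inside,dmz) 10.1.1.10 10.1.1.10 netmask 255.255.255.255

: Conduits name the destination (the static address and port) first and the
: permitted source second. Each line is pinned to the single DMZ server
: rather than "any", so no other DMZ host reaches the DC on these ports.

: NetBIOS name service (UDP 137)
conduit permit udp host 10.1.1.10 eq 137 host 192.168.50.20

: NetBIOS datagram service (UDP 138)
conduit permit udp host 10.1.1.10 eq 138 host 192.168.50.20

: NetBIOS session service (TCP 139)
conduit permit tcp host 10.1.1.10 eq 139 host 192.168.50.20

: Verify with:
:   show static
:   show conduit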