DMZ join inside Domain

Hi all ,

I have a question about a PIX 515e problem. When I try to join a Win2000 server in the DMZ to the inside AD domain, it does not work. I also tried a full access list for these two IP addresses, as below:

DMZ w2k server ip and access list :

access-list DMZ permit ip host 172.16.2.2 any

Inside 2003 server ip and access list :

access-list inside permit ip host 172.16.1.20 any

When I try to join the DMZ server to the inside domain controller, the error message says the connection can't be established. What could the problem be, and which ports need to be open? Please advise.

Stanley

sachinraja (Level 9)

Hello Stanley,

If "IP any" is open, all ports are open from one side to the other. You need not open any specific ports.

One thing you need to check is NAT. I hope you have done a static or a nonat from inside to DMZ. Otherwise, try doing this.

nat (inside) 0 access-list insidenonat

access-list insidenonat permit ip host 172.16.1.20 host 172.16.2.2

optional:

nat (dmz) 0 access-list dmznonat

access-list dmznonat permit ip host 172.16.2.2 host 172.16.1.20

By doing this, you can see both servers on their private IPs. You will be able to ping these servers from each other. Are you able to ping now?

You can also use statics:

static (inside,dmz) 172.16.1.10 172.16.1.10 netmask 255.255.255.255

You will still have the access-lists in place. Make sure you have applied the access-lists to the interface:

access-group insideACL in interface inside
access-group dmzACL in interface dmz
(insideACL and dmzACL stand for your ACL names)

Hope this helps. All the best.

Raj

Hi Raj,

Thanks for your help first. I tried your suggestion and found that I can ping both sides by IP address, but by hostname it times out. I also added the following ACL and static:

access-list insidenonat permit ip host 172.16.1.20 host 172.16.2.2

access-list dmznonat permit ip host 172.16.2.2 host 172.16.1.20

static (inside,dmz) 172.16.1.20 172.16.1.20 netmask 255.255.255.255

Do I need to configure WINS or DNS on both of my servers?

Regards,

Stanley

Hi Raj,

The DMZ server can join our domain now, thanks.

But I have another problem now. I have opened all ports between 172.16.2.2 and 172.16.1.20. I want to limit the ports, but after I add the following access-lists to my PIX it does not work; I can't log in with a domain account. Is there any problem with them?

access-list inside permit udp host 172.16.1.20 host 172.16.2.2 eq domain
access-list inside permit tcp host 172.16.1.20 host 172.16.2.2 eq domain
access-list inside permit tcp host 172.16.1.20 host 172.16.2.2 eq 88
access-list inside permit udp host 172.16.1.20 host 172.16.2.2 eq 88
access-list inside permit tcp host 172.16.1.20 host 172.16.2.2 eq 123
access-list inside permit tcp host 172.16.1.20 host 172.16.2.2 eq 135
access-list inside permit tcp host 172.16.1.20 host 172.16.2.2 eq ldap
access-list inside permit udp host 172.16.1.20 host 172.16.2.2 eq 389
access-list inside permit tcp host 172.16.1.20 host 172.16.2.2 eq 445
access-list inside permit tcp host 172.16.1.20 host 172.16.2.2 eq 3268
access-list inside permit tcp host 172.16.1.20 host 172.16.2.2 eq netbios-ssn
access-list inside permit udp host 172.16.1.20 host 172.16.2.2 eq netbios-ns
access-list inside permit udp host 172.16.1.20 host 172.16.2.2 eq netbios-dgm

access-list DMZ permit udp host 172.16.2.2 host 172.16.1.20 eq domain
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq domain
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq 88
access-list DMZ permit udp host 172.16.2.2 host 172.16.1.20 eq 88
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq 123
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq 135
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq ldap
access-list DMZ permit udp host 172.16.2.2 host 172.16.1.20 eq 389
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq 445
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq 3268
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq netbios-ssn
access-list DMZ permit udp host 172.16.2.2 host 172.16.1.20 eq netbios-ns
access-list DMZ permit udp host 172.16.2.2 host 172.16.1.20 eq netbios-dgm

I opened UDP/TCP 53, UDP/TCP 88, TCP 123, TCP 135, UDP/TCP 389, TCP 445, TCP 3268, TCP 139, and UDP 137 & 138.

Please advise again. All the best.

Stanley
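As an added example (not from the thread or from Cisco), a small Python checker that parses host-to-host PIX access-list lines like the ones above and reports which well-known domain-join services the member still cannot reach, including a port permitted on the wrong transport and the dynamic RPC ports that follow the TCP 135 endpoint-mapper call. The service table and the 1025-5000 RPC range are assumptions taken from Windows 2000/2003 defaults, and the sample lines are a constructed excerpt of the DMZ list above.

```python
import re
# Well-known services a Windows 2000/2003 member contacts on a domain controller,
# keyed by (protocol, port). Constructed lookup table, not from the thread.
REQUIRED = {
    ("udp", 53): "DNS", ("tcp", 53): "DNS", ("udp", 88): "Kerberos",
    ("tcp", 88): "Kerberos", ("udp", 123): "NTP", ("tcp", 135): "RPC mapper",
    ("udp", 137): "NetBIOS-ns", ("udp", 138): "NetBIOS-dgm", ("tcp", 139): "NetBIOS-ssn",
    ("udp", 389): "LDAP", ("tcp", 389): "LDAP", ("tcp", 445): "SMB",
    ("tcp", 3268): "Global catalog", ("udp", 464): "kpasswd", ("tcp", 464): "kpasswd"}
# Dynamic RPC ports used after the port-135 call; Windows 2000/2003 default assumed.
RPC_DYNAMIC = (1025, 5000)
# PIX port keywords seen in the thread, mapped to numbers.
NAMES = {"domain": 53, "ldap": 389, "netbios-ssn": 139, "netbios-ns": 137, "netbios-dgm": 138}
# Only host-to-host entries (as in the last post) are parsed; "any" is ignored.
ACL_RE = re.compile(
    r"access-list\s+\S+\s+permit\s+(tcp|udp|ip)\s+host\s+(\S+)\s+host\s+(\S+)"
    r"(?:\s+eq\s+(\S+)|\s+range\s+(\d+)\s+(\d+))?")
# Constructed excerpt of the thread's DMZ-side list (member -> DC direction).
SAMPLE = """
access-list DMZ permit udp host 172.16.2.2 host 172.16.1.20 eq domain
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq domain
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq 88
access-list DMZ permit udp host 172.16.2.2 host 172.16.1.20 eq 88
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq 123
access-list DMZ permit tcp host 172.16.2.2 host 172.16.1.20 eq 135
"""

def audit(acl_text, src, dst):
    """Compare src->dst permits in acl_text against REQUIRED; return findings."""
    permitted, ranges, all_ip = set(), [], False
    for proto, s, d, eq, lo, hi in ACL_RE.findall(acl_text):
        if (s, d) != (src, dst): continue   # other host pairs are out of scope
        if proto == "ip":
            all_ip = True                   # everything open, as in the first post
        elif eq:
            permitted.add((proto, NAMES.get(eq) or int(eq)))
        elif lo:
            ranges.append((proto, int(lo), int(hi)))
    def allowed(proto, port):
        return all_ip or (proto, port) in permitted or any(
            p == proto and a <= port <= b for p, a, b in ranges)
    missing, wrong = [], []
    for (proto, port), name in sorted(REQUIRED.items(), key=lambda kv: kv[0][1]):
        if allowed(proto, port): continue
        other = "udp" if proto == "tcp" else "tcp"
        if (other, port) in permitted:      # right port, wrong transport
            wrong.append(f"{name} {port}: permitted on {other}, needs {proto}")
        else:
            missing.append(f"{name} {proto}/{port}")
    rpc_ok = all(allowed("tcp", p) for p in RPC_DYNAMIC)  # both ends of the range
    return {"missing": missing, "wrong_protocol": wrong, "rpc_dynamic": rpc_ok}
```

Run `audit(SAMPLE, "172.16.2.2", "172.16.1.20")` to see the NTP line flagged as TCP instead of UDP and the RPC dynamic range reported as closed; a `permit ip` line for the pair, as in the first post, clears every finding.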