Normally the whole inside network should be protected by the firewall.
Do not open unnecessary ports on the firewall.
So the Windows 2000 DC will follow the same rule as well.
If you have an email server or web server, normally put it on the DMZ interface.
You can filter the traffic.
http://www.cisco.com/warp/customer/110/mailserver_dmz.html
Best Regards,