06-22-2005 11:15 PM - edited 03-09-2019 11:38 AM
Hi, without knowing too much about how AD works, I faced an issue while putting clients inside the PIX and leaving the domain controller/file server outside.
XP clients will use only directory mapping on simple file server.
10.11.0.0/24 with XP-----in_PIX501(v6.34)_out-----192.168.0.0/24 with AD
Pix does PAT and has inbound and outbound acl without any static commands.
What traffic should I allow out and what in? While I also tried without any restrictions, I received a prompt on XP but it failed with login/passwords.
Thanks for useful tips!
06-23-2005 05:08 AM
You do not want to do NAT between a Windows client and server if you want file sharing or logons to work between them.
Why is the DC/file server outside the PIX?
06-23-2005 05:39 AM
There were some companyA PCs on companyB's LAN using companyB's AD. CompanyB had to be moved to a self-managed LAN because of companyC, while the file server and the domain remained the same. A policy issue, don't ask more, I just work there ;)
So I could make nat0 across the pix and add
Is the issue PAT? Could it work with a static outside NAT command where the DC is introduced as 10.11.0.100 on the inside?
Thanks for the answer! -tonic
06-23-2005 09:19 AM
The best way is no NAT, so a nat 0 and static'ing across the PIX is best. PAT will likely mean no functionality whatsoever. You want no NAT so clients can register successfully with dynamic DNS and WINS, and have those records be accurate. If DDNS is broken, you will likely have numerous Active Directory issues.
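
The no-NAT setup recommended in the last reply, written in PIX 6.3 syntax as an added example that is not part of the original thread. The ACL names and the DC address 192.168.0.10 are assumptions, and the port list is the commonly documented set for AD logon and SMB file mapping from Windows XP, not something stated in the thread.

```cisco
: Constructed example for PIX OS 6.3. ACL names and 192.168.0.10 (the DC) are placeholders.
: Before, as described in the question: PAT hides every client behind one address.
:   nat (inside) 1 10.11.0.0 255.255.255.0
:   global (outside) 1 interface

: After: exempt client <-> server traffic from translation (the "nat 0" in the reply)
access-list nonat permit ip 10.11.0.0 255.255.255.0 192.168.0.0 255.255.255.0
nat (inside) 0 access-list nonat
: Identity static (the "static'ing across the pix" in the reply): clients keep their
: real 10.11.0.x addresses on the outside, so DDNS and WINS records stay accurate
static (inside,outside) 10.11.0.0 10.11.0.0 netmask 255.255.255.0

: Outbound filter: only what the XP clients need from the DC/file server
: DNS
access-list inside_out permit udp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 53
access-list inside_out permit tcp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 53
: Kerberos
access-list inside_out permit udp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 88
access-list inside_out permit tcp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 88
: NTP (Kerberos fails when clocks drift)
access-list inside_out permit udp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 123
: RPC endpoint mapper
access-list inside_out permit tcp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 135
: NetBIOS name, datagram and session services (WINS, legacy browsing)
access-list inside_out permit udp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 137
access-list inside_out permit udp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 138
access-list inside_out permit tcp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 139
: LDAP
access-list inside_out permit tcp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 389
access-list inside_out permit udp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 389
: SMB file sharing
access-list inside_out permit tcp 10.11.0.0 255.255.255.0 host 192.168.0.10 eq 445
: Dynamic RPC; 1025-5000 is the default range on Windows 2000/XP/2003 servers
access-list inside_out permit tcp 10.11.0.0 255.255.255.0 host 192.168.0.10 range 1025 5000
access-group inside_out in interface inside
```

Because the clients now appear on the outside with their real addresses, the 192.168.0.0/24 side needs a route to 10.11.0.0/24 via the PIX outside interface.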