Hello, I have deployed a read only domain controller in our DMZ as part of a domain-related project. That machine needs to be able to reach domain controllers on our internal network. To do so, it should traverse our ASA 5510, going from the DMZ Int...
I resolved the problem this afternoon, but unfortunately I don't have an explanation regarding its cause. My resolution consisted of routing the connection through a different firewall, so whatever the issue was (is) with the original firewall is st...
Varun, I just spent some time with one of our senior admins looking at this problem and running a number of tests (tricky, since it's a production system.) What we determined, from running packet captures, is that the traffic is being stopped on the ...
Varun, thank you for the explanation. In our case, since the goal is to pass Windows domain traffic back and forth, I'd really like to avoid any "real" address translation (by which I mean the inside machine seeing traffic from the outside machine co...
Varun, the access list allowing the DMZ machine to the internal machine is:
access-list dmz_access_in extended permit ip host dmz.rodc.domain.local host int.dc.domain.local
access-group dmz_access_in in interface dmz
I do not have either of the NAT state...
Hi Varun, thanks very much for the tips. I applied the following access-list change:
access-list inside_nat0_outbound line 1 extended deny ip host int.dc.domain.local host dmz.rodc.domain.local
When I check the running config, that rule appears where it ...