Re: File sharing between an AD Domain controller and a member server through a firewall

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/10/04


Date: Thu, 10 Jun 2004 05:34:16 GMT

Scratch the idea for ipsec between the two computers. Forgot when I posted that you
can't use ipsec between a domain member and a domain controller. An L2TP VPN
connection to a ras server on the lan and through the firewall with a persistent
connection may be something to consider though and would require certificates for
both machines which is easy enough to do for a W2003 domain. --- Steve

"Steven Umbach" <n9rou@n0spam-comcast.net> wrote in message
news:%1Sxc.10567$0y.4335@attbi_s03...
> See if the following KB article helps and pay particular attention to how
> dynamic rpc works and how to configure a server and firewall for it. You may
> also want to check your firewall logs for dropped traffic from the computer in
> the dmz and I would not be surprised if it showed inbound traffic to ports in
> the range 1025-30 to the domain controller as the problem. Otherwise consider
> using ipsec policy with a rule that allows ipsec protected traffic between the
> two computers and through the firewall. -- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B233256
>
> "Clementius" <anonymous@discussions.microsoft.com> wrote in message
> news:%23ecQTDpTEHA.2324@TK2MSFTNGP10.phx.gbl...
> > Hi,
> > I am configuring an access-list for traffic from a dmz server to an internal
> > server. The dmz server is a 2003 domain member server. The internal server
> > is a 2003 AD controller and file server. The plan is to allow file access
> > from the dmz server to the internal server. Eventually, the dmz server will
> > be a front-end to the internal server from the Internet through SSH or
> > Terminal Server sessions. So far I opened the following ports to the
> > internal server (from the dmz) on the firewall:
> > TCP domain
> > UDP domain
> > tcp 88
> > udp 88
> > tcp 135
> > udp 389
> > tcp 389
> > tcp 445
> > udp netbios-ns
> > udp netbios-dgm
> > tcp netbios-ssn
> >
> > I am able to perform nslookup from the dmz server using the internal server
> > for DNS and NAT seems to work fine. But when I try to map a drive from the
> > dmz server to a share on the internal server I get: "The drive could not be
> > mapped because no network was found".
> > Am I missing something? Thanks for your help. C
> >
> >
>
>
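An added example, not part of the thread: a small Python triage script that applies Steve's suggestion of checking the firewall logs for dropped DMZ-to-DC traffic, sorting drops into dynamic RPC ports (never in the ACL), ports that were opened but still dropped (rule order or direction), and everything else. The log syntax, the two IP addresses and the sample lines are constructed for the example; the 1025-5000 range is the Windows Server 2003 default dynamic RPC allocation.

```python
import re
from collections import Counter

# Ports the poster opened from the DMZ server to the DC (service names resolved to numbers).
ALLOWED = {
    ("tcp", 53), ("udp", 53), ("tcp", 88), ("udp", 88),     # domain, Kerberos
    ("tcp", 135), ("udp", 389), ("tcp", 389), ("tcp", 445),  # RPC mapper, LDAP, SMB
    ("udp", 137), ("udp", 138), ("tcp", 139),                # netbios-ns, -dgm, -ssn
}
# Windows Server 2003 default dynamic RPC range (the thread saw hits at 1025-1030).
DYNAMIC_RPC = range(1025, 5001)
# Generic deny-log syntax assumed for this example; real firewall formats differ.
LOG_RE = re.compile(r"^(?P<action>\w+)\s+(?P<proto>tcp|udp)\s+(?P<src>[\d.]+):\d+\s*->\s*"
                    r"(?P<dst>[\d.]+):(?P<dport>\d+)$")

def triage_drops(lines, dmz_host, dc_host):
    """Bucket dropped DMZ->DC packets by why the ACL most likely dropped them."""
    buckets = {"dynamic_rpc": Counter(), "allowed_but_dropped": Counter(), "other": Counter()}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["action"].lower() != "drop" or (m["src"], m["dst"]) != (dmz_host, dc_host):
            continue
        key = (m["proto"], int(m["dport"]))
        if key in ALLOWED:
            buckets["allowed_but_dropped"][key] += 1  # a rule exists: check rule order or direction
        elif key[0] == "tcp" and key[1] in DYNAMIC_RPC:
            buckets["dynamic_rpc"][key] += 1  # endpoint mapper handed out a port the ACL never opened
        else:
            buckets["other"][key] += 1
    return buckets

# Constructed sample log (not from the thread): 10.0.1.5 = DMZ member server, 192.168.0.10 = DC.
SAMPLE_LOG = """\
drop tcp 10.0.1.5:49321 -> 192.168.0.10:1025
drop tcp 10.0.1.5:49322 -> 192.168.0.10:1027
permit tcp 10.0.1.5:49300 -> 192.168.0.10:135
permit tcp 10.0.1.5:49301 -> 192.168.0.10:445
drop tcp 10.0.1.5:49323 -> 192.168.0.10:1025
drop tcp 10.0.1.5:49324 -> 192.168.0.10:445
drop udp 10.0.1.5:1234 -> 192.168.0.10:123
drop tcp 10.0.99.9:5555 -> 192.168.0.10:1029
""".splitlines()

if __name__ == "__main__":
    for name, hits in triage_drops(SAMPLE_LOG, "10.0.1.5", "192.168.0.10").items():
        print(f"{name}: {dict(hits)}")
```

A non-empty `dynamic_rpc` bucket is the signature of the problem the two KB articles describe: TCP 135 gets through, but the endpoint mapper then redirects the client to a high port the access-list does not cover.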


