Join domain over Pix vpn tunnel

Hello all,

Having an issue here.  I am setting up a second domain controller in Canada for our Win2003 domain in the US.
I have set up a Pix site-to-site VPN tunnel and it seems to be working fine.  I can ping both networks from either side by IP.
The DC in the US is running AD and DNS.  The DC in Canada cannot join the domain to configure AD and replication yet.
I have pointed the Canada DNS to itself as primary and to the DC in the US as secondary.  I have set up forwarders to their ISPs' DNS for internet and added a DNS suffix for the domain name.  Nothing should be blocking traffic on the Pixes because it's my understanding that all ESP traffic from the tunnel is allowed both ways.  What am I doing wrong?
You may want to verify with your ISP, because some don't allow tunneling. I had that issue as well...

I have had the same problem with Windows 2003 AD servers when wanting to join another location to the AD through a VPN. I use SonicWall TZ170 firewalls in both locations and NetBIOS traffic was blocked on the VPN tunnel. After allowing this traffic I was able to connect to the remote AD and join it. So you can temporarily allow NetBIOS traffic on the VPN tunnel.  When this traffic is allowed it's more likely you can join the domain in the other location. After the join process is finished you can disable NetBIOS traffic again if you want.
rick_me27 (Author) commented:
hmm...  anyone know how to enable NetBIOS traffic on a Pix?   Worth a shot.
NetBIOS broadcasts cannot be propagated across the VPN tunnel through the PIX.
If you can ping both ways, you have a simple NetBIOS name resolution issue. With AD, you should be able to join the domain if you point the CA DC to the US DC as primary DNS....
Some helpful links:
Windows 2000 DNS - Diagnosing Name Resolution Problems
FQDN = Fully Qualified Domain Name

Windows 2000 DNS - Solving other common DNS problems
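The answer above comes down to one check: the DNS server the new DC points at must be able to hand out the AD locator SRV records (`_ldap._tcp.dc._msdcs.<domain>`), and the existing DC must be reachable on the domain-join ports across the tunnel. The following PowerShell script is an added example, not code from the thread or from Experts Exchange; the domain name and both server addresses are placeholders, and it assumes a modern Windows host with `Resolve-DnsName` and `Test-NetConnection` available (on the Windows 2003-era machines in the thread, `nslookup -type=SRV` and `nltest /dsgetdc:<domain>` give the same information). Querying each candidate DNS server in turn shows why "self as primary" fails before the join: the Canada box is not yet authoritative for the AD zone and has no forwarder to a server that is.

```powershell
# Added example (not from the thread): from the prospective Canada DC, check whether each
# candidate DNS server returns the AD domain-controller locator records, and whether the DC
# they point at is reachable on the ports a domain join and initial replication need.
# $Domain and the addresses below are placeholders; substitute your own.
$Domain     = "corp.example.com"                              # placeholder AD domain name
$DnsServers = [ordered]@{ "US DC (AD-integrated DNS)" = "10.1.0.10"   # placeholder address
                          "Canada DC (itself)"         = "10.2.0.10" } # placeholder address
# TCP ports a domain join must reach on an existing DC:
# DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, Kerberos kpasswd, LDAPS, global catalog
$JoinPorts  = 53, 88, 135, 389, 445, 464, 636, 3268

foreach ($label in $DnsServers.Keys) {
    $server = $DnsServers[$label]
    Write-Host "== Querying $label at $server =="
    try {
        # -DnsOnly bypasses the local cache, hosts file and LLMNR/NetBIOS fallbacks,
        # so the result reflects what that one server actually answers.
        $answer = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                                  -Server $server -DnsOnly -ErrorAction Stop
    } catch {
        # A server that is not authoritative for the AD zone (and has no forwarder that is)
        # fails here: this is the "self as primary" symptom from the question.
        Write-Host "   no locator SRV record: $($_.Exception.Message)"
        continue
    }
    $srv = $answer | Where-Object Type -eq 'SRV'
    if (-not $srv) { Write-Host "   query returned no SRV records"; continue }

    foreach ($rec in $srv) {
        Write-Host ("   DC {0} (priority {1}, weight {2}, port {3})" -f `
                    $rec.NameTarget, $rec.Priority, $rec.Weight, $rec.Port)
        # The locator record is useless if the host name it names does not resolve too.
        $a = Resolve-DnsName -Name $rec.NameTarget -Type A -Server $server -DnsOnly `
                             -ErrorAction SilentlyContinue | Where-Object Type -eq 'A'
        if (-not $a) { Write-Host "      host record for $($rec.NameTarget) missing on $server"; continue }
        $ip = $a[0].IPAddress
        foreach ($port in $JoinPorts) {
            # Quiet mode returns $true/$false for the TCP connect; a BLOCKED port across the
            # tunnel points at a firewall/VPN policy rather than at DNS.
            $open = Test-NetConnection -ComputerName $ip -Port $port -InformationLevel Quiet `
                                       -WarningAction SilentlyContinue
            Write-Host ("      {0}:{1,-5} {2}" -f $ip, $port, $(if ($open) { 'open' } else { 'BLOCKED' }))
        }
    }
}
```

Run it from the machine that is about to be promoted. The expected picture in this thread is that the US DC answers with its own locator record and every port shows open (ESP carries everything through the PIX tunnel), while the Canada server fails the SRV lookup; that is the resolution problem the accepted answer fixes by making the US DC the primary DNS server. Once the Canada DC is promoted and hosts a replica of the AD-integrated zone, the same script should succeed against both servers, and it can then be pointed at itself again.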


rick_me27 (Author) commented:
jeez, I hope it's that simple.  I'm gonna test that and try it right now.
rick_me27 (Author) commented:
Yessssssssssssss.   that worked.  Beating my head for two days on Cisco and it's as simple as that.  I should have known.
Thanks lrmoore
Glad to help!

- Cheers!