drakba
asked on
DCpromo across a PIX firewall that is NAT-ting the address.
I am trying to create a new domain. I have a Firewall with 3 legs. One to the Internet, one to one lan, one to a different lan.
There is NAT setup, with address forwarding. On one leg of the PIX, I have addresses 172.17.x.x. On the other LAN leg, I have 172.31.x.x. I am natting the 172.17 address to give the local side a 172.31.0.1 address that gets translated to 172.17.0.2. (not my setup, I have inherited it). I have setup the firewall to pass ipsec from one lan to the other.
I ran DCPromo on one side (the 172.31 side), and all completed fine.
I tried to join the other side to the domain, and it failed w/ dns errors.
I did setup dns on both servers, and did a zone transfer, and it DID work.
I adjusted the ip address of the A record to match the natted ip address (it's local address on it's side, that translates to the other side)
No dice.
Any idea's on how to make this work?
Thanks!
There is NAT setup, with address forwarding. On one leg of the PIX, I have addresses 172.17.x.x. On the other LAN leg, I have 172.31.x.x. I am natting the 172.17 address to give the local side a 172.31.0.1 address that gets translated to 172.17.0.2. (not my setup, I have inherited it). I have setup the firewall to pass ipsec from one lan to the other.
I ran DCPromo on one side (the 172.31 side), and all completed fine.
I tried to join the other side to the domain, and it failed w/ dns errors.
I did setup dns on both servers, and did a zone transfer, and it DID work.
I adjusted the ip address of the A record to match the natted ip address (it's local address on it's side, that translates to the other side)
No dice.
Any idea's on how to make this work?
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.