Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


One domain for many network subnets

Posted on 2010-08-24
Medium Priority
Last Modified: 2012-06-27
We are having four networks connected together by a cisco pix. Network one has Domain controller, DNS and DHCP installed we dont want to repeat this on all the different networks since they are interconnected and we don't want to use the concept of child domain. The other networks have different subnets i.e.
Network 2 10.10.2.-
Network 3 10.10.3.-
Network 4 10.10.4.-
We want to join computers from this networks to our main domain which has the address of 10.10.1.- Can we do any configuration in our cisco pix router so that the four networks will be seen as one even-though they are in different networks. or how can we achieve this. Note we can ping from any of this locations to another.
Question by:Atouray
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
LVL 57

Accepted Solution

giltjr earned 668 total points
ID: 33509668
You can't make the 4 IP subnets appear as a single IP subnet, it just does not work.

However, you don't need to.  All you need to do is make sure that you allow all of the needed protocols to pass from one IP subnet/Interface to another.

For the DHCP you need to configure the PIX (assuming you have 6.3 or newer) with the dhcp relay option, this will allow the dhcp requests to be forwarded to your DHCP server.

Here is a starting point for what UDP/TCP ports you need to allow to pass through between the IP subnets.


Expert Comment

ID: 33509684
Assuming all networks can access other networks then as long as you add the domain controller as the DNS server on the client then it will work fine.
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 668 total points
ID: 33509800
Yup, Elwin3 is completely right. But I would use additional DC in your network to provide redundancy. In case of one of them will fail you have second DC and your environment will work. You wrote about 4 subnets but did not tell us about amount of users? It is also domain requirements factor. You would notice some problems during morning logon hours if you use only 1 DC.
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!


Author Comment

ID: 33509933
So you mean if I try to add a client in network in network 2 to the main network it should work without an y further configuration?

Author Comment

ID: 33509935
We have about 96 users in total. These users do not do much on the network apart from login to the their machines. All the work is done on the SQL server.
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33509952
It should be enough having 2 DCs. Yes if router knows AD location and you set DNS IP on each machine they will join to the domain.
LVL 57

Expert Comment

ID: 33511187
As long as your firewall allows all of the necessary traffic to flow to/from each IP subnet you should not need to do anything.

Assisted Solution

JDavis1 earned 664 total points
ID: 33513057
Your configuration is pretty common. It is not at all unusual for machines in different IP subnets to belong to the same Windows domain.  You just need to set up AD in Windows Sites and Services correctly. And as giltjr stated you need to do some configuration on your network devices in order to forward the DHCP traffic correctly.   If the Pix has an interface on the user user subnets then you need to configure DHCP relay on the Pix as he said.  If there are routers between the firewall and these subnets then DHCP forwarding needs to be configured on those routers.

Featured Post

WEBINAR - Latest Cyber Tips for Defense

Join the WatchGuard Threat Research Team on October 26th for an informative webinar featuring expert tips and tricks for defending your organization from today's latest cyber threats. Don't leave yourself vulnerable to attack. Register for the webinar today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question