• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 387
  • Last Modified:

One domain for many network subnets

We are having four networks connected together by a cisco pix. Network one has Domain controller, DNS and DHCP installed we dont want to repeat this on all the different networks since they are interconnected and we don't want to use the concept of child domain. The other networks have different subnets i.e.
Network 2 10.10.2.-
Network 3 10.10.3.-
Network 4 10.10.4.-
We want to join computers from this networks to our main domain which has the address of 10.10.1.- Can we do any configuration in our cisco pix router so that the four networks will be seen as one even-though they are in different networks. or how can we achieve this. Note we can ping from any of this locations to another.
0
Atouray
Asked:
Atouray
  • 2
  • 2
  • 2
  • +2
3 Solutions
 
giltjrCommented:
You can't make the 4 IP subnets appear as a single IP subnet, it just does not work.

However, you don't need to.  All you need to do is make sure that you allow all of the needed protocols to pass from one IP subnet/Interface to another.

For the DHCP you need to configure the PIX (assuming you have 6.3 or newer) with the dhcp relay option, this will allow the dhcp requests to be forwarded to your DHCP server.

Here is a starting point for what UDP/TCP ports you need to allow to pass through between the IP subnets.

     http://support.microsoft.com/kb/832017
0
 
Elwin3Commented:
Assuming all networks can access other networks then as long as you add the domain controller as the DNS server on the client then it will work fine.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Yup, Elwin3 is completely right. But I would use additional DC in your network to provide redundancy. In case of one of them will fail you have second DC and your environment will work. You wrote about 4 subnets but did not tell us about amount of users? It is also domain requirements factor. You would notice some problems during morning logon hours if you use only 1 DC.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
AtourayAuthor Commented:
So you mean if I try to add a client in network in network 2 to the main network it should work without an y further configuration?
0
 
AtourayAuthor Commented:
We have about 96 users in total. These users do not do much on the network apart from login to the their machines. All the work is done on the SQL server.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
It should be enough having 2 DCs. Yes if router knows AD location and you set DNS IP on each machine they will join to the domain.
0
 
giltjrCommented:
As long as your firewall allows all of the necessary traffic to flow to/from each IP subnet you should not need to do anything.
0
 
JDavis1Commented:
Your configuration is pretty common. It is not at all unusual for machines in different IP subnets to belong to the same Windows domain.  You just need to set up AD in Windows Sites and Services correctly. And as giltjr stated you need to do some configuration on your network devices in order to forward the DHCP traffic correctly.   If the Pix has an interface on the user user subnets then you need to configure DHCP relay on the Pix as he said.  If there are routers between the firewall and these subnets then DHCP forwarding needs to be configured on those routers.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

  • 2
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now