Hi all!
I have been lurking on this list for a short while now, looking for
information on the problem that I describe below, along with simply enjoying
the discussions and wealth of valuable information available on this forum.
I can only hope that with enough time and effort, I can gain enough
understanding of the concepts of network security to feel that I am able to
do an adequate job of protecting our valuable information resources. Thank
you all for your willingness to share both information and insights.
Now, for the immediate problem. I have a key executive (actually, the
company owner) who requires login access to our internal NT network
resources while at home. I had this functionality configured using an ISDN
BRI link and allowing him logon privileges from home. It worked very well
and was secure, but not fast enough for him. He wanted better throughput for
both the link to our internal network and for his internet connection. I
chose to use DSL for the connection. It is working very well also, but I am
unable to log him in over the DSL connection.
The basic network layout is as follows:

                 Internet
                    |
                    |
                    |
                   ISP
                  /   \
                 /     \
                /       \
        Cisco 675       Cisco 675
        DSL Modem           |
            |               |
            |     Sonic Systems Firewall
            |        with NAT enabled
            |               |
        Win98 PC      NT 4.0 Server using 192.168.1.x private addresses

I need to be able to log the Win98 PC into the NT 4.0 server. When I attempt
to do so, I get the message "No domain controller was available to validate
your request...".
After checking through the MS Support articles, I came across a few that
seem to address this issue. They indicate that the Netlogon function sends a
NetBIOS datagram which has both the IP header IP address and a NetBIOS
header source IP address. Since the logon process uses the NetBIOS header
source address, if NAT only translates the IP header address, the logon will
fail. This seems to be exactly what is happening.
Does anyone know of a NAT product that translates the NetBIOS addresses as
well as the IP header addresses? Or is there another way to approach this
problem?
Please forgive my lack of understanding if I have asked a really stupid
question, but I was always taught that the only stupid question is the one
you didn't ask.
Thanks!
Dean
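
The address mismatch described in the message can be confirmed from a packet capture. The following Python is an added example, not part of the original post: it parses the RFC 1002 NetBIOS datagram header carried on UDP port 138 and reports when the embedded SOURCE_IP differs from the IP header source. The addresses and the build_sample helper are constructed for illustration.

```python
import ipaddress
import struct

# RFC 1002 section 4.4.1, common NetBIOS datagram header (UDP port 138):
# MSG_TYPE (1), FLAGS (1), DGM_ID (2), SOURCE_IP (4), SOURCE_PORT (2)
NBDGM_HEADER = struct.Struct("!BBH4sH")
MSG_TYPES = {0x10: "DIRECT_UNIQUE", 0x11: "DIRECT_GROUP", 0x12: "BROADCAST"}


def parse_nbdgm_header(payload: bytes) -> dict:
    """Parse the fixed header from the payload of a UDP/138 packet."""
    if len(payload) < NBDGM_HEADER.size:
        raise ValueError("payload shorter than NetBIOS datagram header")
    msg_type, _flags, dgm_id, src_ip, src_port = NBDGM_HEADER.unpack_from(payload)
    return {
        "msg_type": MSG_TYPES.get(msg_type, hex(msg_type)),
        "dgm_id": dgm_id,
        "source_ip": ipaddress.IPv4Address(src_ip),
        "source_port": src_port,
    }


def nat_mismatch(ip_header_src: str, payload: bytes) -> bool:
    """True when the embedded SOURCE_IP differs from the IP header source,
    meaning NAT rewrote the outer address but not the NetBIOS header."""
    embedded = parse_nbdgm_header(payload)["source_ip"]
    return embedded != ipaddress.IPv4Address(ip_header_src)


def build_sample(source_ip: str) -> bytes:
    """Constructed sample: header plus zeroed DGM_LENGTH and PACKET_OFFSET."""
    packed_ip = ipaddress.IPv4Address(source_ip).packed
    header = NBDGM_HEADER.pack(0x10, 0x02, 0x1234, packed_ip, 138)
    return header + struct.pack("!HH", 0, 0)


if __name__ == "__main__":
    # Constructed case: a host on 192.168.1.x sends the datagram and the NAT
    # device rewrites only the IP header source to 203.0.113.5.
    sample = build_sample("192.168.1.10")
    print(parse_nbdgm_header(sample))
    print("mismatch after NAT:", nat_mismatch("203.0.113.5", sample))
    print("mismatch without NAT:", nat_mismatch("192.168.1.10", sample))
```

Feed it the UDP payload and the IP source address of each port 138 packet captured on the far side of the NAT device; a mismatch on every datagram matches the failure described in the Microsoft articles.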