Re: PIX and MS Active Directory [7:44797]
Thanks Brian, just in case anyone else is interested here's a useful link for the Microsoft stuff:

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/ittasks/tasks/adrepfir.asp

Cheers
Pat

--
email me on : [EMAIL PROTECTED]

"Brian Hill" wrote in message news:[EMAIL PROTECTED]...
> John,
>
> SMTP only works if you have two sites in two different domains. In addition,
> you have to have an Exchange server with KMS and a CA to encrypt. Pat, I
> would suggest creating a tunnel from PIX to PIX and running the replication
> through there. AD uses RPC, which doesn't translate due to the fact that it
> uses random port numbers after the initial session establishment.
>
> Brian Hill
> CCNP, CCDP, MCSE 2000 (Charter Member), MCSE+I (NT4.0),
> MCSA (Charter Member), MCP+I, MCP(21), Inet+, Net+, A+
> Lead Technology Architect, TechTrain
> Author: Cisco, The Complete Reference
> http://www.alfageek.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44937&t=44797
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX and MS Active Directory [7:44797]
John,

SMTP only works if you have two sites in two different domains. In addition, you have to have an Exchange server with KMS and a CA to encrypt. Pat, I would suggest creating a tunnel from PIX to PIX and running the replication through there. AD uses RPC, which doesn't translate due to the fact that it uses random port numbers after the initial session establishment.

Brian Hill
CCNP, CCDP, MCSE 2000 (Charter Member), MCSE+I (NT4.0),
MCSA (Charter Member), MCP+I, MCP(21), Inet+, Net+, A+
Lead Technology Architect, TechTrain
Author: Cisco, The Complete Reference
http://www.alfageek.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44874&t=44797

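Added example (not part of the original posts): a simplified Python model of the behaviour described in the message above, where RPC moves to a random port after the initial session on TCP/135. The addresses, the class and function names, and the assumption that the firewall does not rewrite the endpoint-mapper reply are constructed for illustration.

```python
import random

EPM_PORT = 135  # endpoint mapper: the fixed port of the "initial session"

class Server:
    def __init__(self, ip, rng):
        self.ip = ip
        # The replication service listens on a port picked at start-up.
        self.service_port = rng.randrange(1024, 65536)

    def endpoint_map(self):
        # Reply payload tells the caller which address and port to use next.
        return {"ip": self.ip, "port": self.service_port}

class Firewall:
    """Static permit list in front of a server seen as `visible_ip`."""
    def __init__(self, visible_ip, permitted_ports):
        self.visible_ip = visible_ip
        self.permitted_ports = permitted_ports

    def passes(self, dst_ip, dst_port):
        return dst_ip == self.visible_ip and dst_port in self.permitted_ports

def replicate(server, fw):
    """Return where a replication attempt through `fw` ends up."""
    if not fw.passes(fw.visible_ip, EPM_PORT):
        return "blocked at endpoint mapper"
    ep = server.endpoint_map()  # model assumption: payload is not rewritten
    if ep["ip"] != fw.visible_ip:
        return "second connection aimed at untranslated address"
    if not fw.passes(ep["ip"], ep["port"]):
        return "second connection blocked: dynamic port not permitted"
    return "ok"

def scenarios(seed=7):
    dc = Server("10.1.1.10", random.Random(seed))  # constructed address
    return {
        "static NAT, permit 135": replicate(dc, Firewall("192.0.2.10", {135})),
        "same address, permit 135": replicate(dc, Firewall("10.1.1.10", {135})),
        # PIX-to-PIX tunnel: peers see real addresses and every port.
        "tunnel": replicate(dc, Firewall("10.1.1.10", range(1, 65536))),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```

Only the tunnel case completes, because it is the only one where the second connection needs neither a translated address nor a per-port permit.
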
RE: PIX and MS Active Directory [7:44797]
Tell him to use SMTP for AD replication, and disable the fixup feature for SMTP on the PIX.

-----Original Message-----
From: Patrick Donlon [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 8:16 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX and MS Active Directory [7:44797]

Brian,

I've just found out from the guy testing the AD stuff that it doesn't even work with static NAT translations, it'll only work with a static mapping with the same address across the firewall. The bit that isn't working is the replication between the servers.

Cheers
Pat

--
email me on : [EMAIL PROTECTED]

"Brian Hill" wrote in message news:[EMAIL PROTECTED]...
> Pat,
>
> Are the clients having the problem, or are the servers having the problem?
> If it's the servers, it's probably just RPC, but if it's the clients, it
> could be lots of things. What exactly "isn't working"?
>
> Brian Hill
> CCNP, CCDP, MCSE 2000 (Charter Member), MCSE+I (NT4.0),
> MCSA (Charter Member), MCP+I, MCP(21), Inet+, Net+, A+
> Lead Technology Architect, TechTrain
> Author: Cisco, The Complete Reference
> http://www.alfageek.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44824&t=44797

Re: PIX and MS Active Directory [7:44797]
Brian,

I've just found out from the guy testing the AD stuff that it doesn't even work with static NAT translations, it'll only work with a static mapping with the same address across the firewall. The bit that isn't working is the replication between the servers.

Cheers
Pat

--
email me on : [EMAIL PROTECTED]

"Brian Hill" wrote in message news:[EMAIL PROTECTED]...
> Pat,
>
> Are the clients having the problem, or are the servers having the problem?
> If it's the servers, it's probably just RPC, but if it's the clients, it
> could be lots of things. What exactly "isn't working"?
>
> Brian Hill
> CCNP, CCDP, MCSE 2000 (Charter Member), MCSE+I (NT4.0),
> MCSA (Charter Member), MCP+I, MCP(21), Inet+, Net+, A+
> Lead Technology Architect, TechTrain
> Author: Cisco, The Complete Reference
> http://www.alfageek.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44820&t=44797

RE: PIX and MS Active Directory [7:44797]
Pat,

Are the clients having the problem, or are the servers having the problem? If it's the servers, it's probably just RPC, but if it's the clients, it could be lots of things. What exactly "isn't working"?

Brian Hill
CCNP, CCDP, MCSE 2000 (Charter Member), MCSE+I (NT4.0),
MCSA (Charter Member), MCP+I, MCP(21), Inet+, Net+, A+
Lead Technology Architect, TechTrain
Author: Cisco, The Complete Reference
http://www.alfageek.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44808&t=44797

PIX and MS Active Directory [7:44797]
The company I work for are looking to deploy Microsoft's Active Directory across the intranet. Most sites have a PIX firewall running 5.3(2) and will have many clients per site using AD. The problem seems to be that when clients pass through the PIX and are assigned a global address/PAT, AD is not working. Static NAT translations work, but due to the number of clients per site it's not feasible to use static translations.

Has anyone done this or know any good links? Can't find a thing on it at the CCO.

Cheers
Pat

--
email me on : [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44797&t=44797