Checkpoint and ADMT. Migration users/data between Domains 1

[Rpinfo]

We are in the phase to migrate users/data from NT4 PDC Domain to Active Directory Domain 2003.
We are using Checkpoint NG AI R55. The two networks have different addresses and subnet masks and should communicate through the Firewall. The NAT is enabled on both networks and we succeeded to establish the trust relation between both. The following rules are implemented:

Lan1<---->Lan2<---->any traffic<----->any<----->accept

Lan2<---->Lan1<---->any traffic<----->any<----->accept

The problem:
The Microsoft Active Directory Migration Tool (ADMT) is not able to recognize the source Domain (NT4). Disabling the NAT (Hide Method) in both LAN’s we are able to establish the contact. But in this case the source Domain is not able to reach the gateway to Internet anymore.
Is it necessary to define other rules to establish two way connection?
Any suggestions are very welcomed.
Regards
Raffaele

 

[Piloria]

You may find the issue is to do with the Hide NAT.
Hide Nat only allows a one way communication between the servers If you are NATing in both directions using Hide then you are blocking the conections.

Server1 > Server2 Blocked by Hide on server2
Server2 > Server1 Blocked by Hide on server1

for communication between the servers you will need to use STATIC NAT on both Servers you should still be able to use Hide NAT for the Network objects to hide all other servers.

 

[Piloria]

An alternate method is to keep the Hide NAt rules and create a Manual NAT rule for the two servers.
In NAT rules
Add rule (Use Menus Dont right mouse click it wont work)
Source Destination Service Source Destination
server1 Server2 Any Original Original
Server2 Server1 Any Origanal Original

When you know the services you require then restrict to these.