Here's my setup:
There are two domains: one for the enterprise network, and one for a secure network, separated by a Cisco PIX 515. All of the general computers reside on the enterprise network, with a few select users gaining access to the secure network through a VPN. My problem is getting those 'dual network' users the ability to access both the Windows Active Directory on the enterprise and secure network at the same time. I would like to not open any port from the enterprise to the secure if at all possible. I have the VPN up and running with the logon authenticated through a RADIUS server running on the domain controller on the secure side. I can ping and see resources with an additional one-time logon if I enter the IP of the resource. What I can't figure out is how to get the secure domain to automatically accept the VPN users once they get through, either by an external trust (do I have to open up incoming ports?) or by the RADIUS accounting for them. If you have any direction for me to go by, any help at all is greatly appreciated.
It feels like I would have spent today better by just banging my head on the desk and seeing what happens.
I know I can't be the only guy who has ever tried a setup like this before.