
Migration from NT to Server 2003 Domains

Status
Not open for further replies.

Rpinfo (MIS), Nov 3, 2004, BE
We are preparing the migration from NT to Server 2003 domains separated by a Checkpoint R55 FW. The old domain is in the range 192.168.., the new one in the range 10.0...
There is a NAT on the two network objects. We defined a static NAT (with virtual addresses) for the 2 DCs. These virtual IP addresses have been inserted in the LMHOSTS file of each DC. Which rules should be applied in the FW so that:

1. a client from each network should be able to connect to the Internet and access the servers of the opposite domain, and vice versa

2. the servers of the two domains should be able to access each other (Mailserver1 <----> Mailserver2, Fileserver1 <----> Fileserver2, NT PDC <-----> Active Directory, replication of WINS and DNS)

3. a two-way trust between the two domains for the migration using ADMT and ADC

We tried different rules, and the main problem is accessing the opposite domain's servers.

Any help on this issue is welcome.

Thanks

Raffaele


 
How do your client PCs' IP addresses fit in with the server addresses on the same network?
Can you set up a network object that just covers the PCs, or are the IP addresses mixed in together?

Ideally you would set up a network object for the PCs and use hide NAT for them on the network object.

PCs_Domaine1 > Internet - HTTP,HTTPS,...... Accept Log
PCs_Domaine2

PCs_Domaine1 > Mail_Dom2 - pop3? Accept Log
PCs_Domaine2 > Mail_Dom1 - pop3? Accept Log

Repeat for the file server and PDC.

If you are not sure of the ports that are used, use the logs to show what ports are being rejected.

Mail_Dom1 > Mail_Dom2 SMTP Accept Log
Mail_Dom2 > Mail_Dom1 SMTP Accept Log

Repeat for the file servers and PDCs.


On each of the servers create a static NAT in the other network's IP range.

Rather than use LMHOSTS, why not use DNS entries instead?
 
Thanks.

The clients and the servers are in the same networks.
If I apply static NAT for the servers (with virtual addresses), I cannot establish the connection between servers for the trust relationship between domains.
Could a manual NAT rule:

Network1>Network2 original original
Network2>Network1 original original

solve the problem, without NATting the servers?
Regards
 
You could, or you could just use the servers in the manual NAT rule.
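As an added illustration (not code from this thread, from Rpinfo, or from Check Point), the Python sketch below models two things discussed above: the rulebase suggested in the first reply (a network object for the PCs with hide NAT, PC-to-Internet and PC-to-mail rules, SMTP between the mail servers, and reading the log for ports that are still being rejected), and the NAT question that follows it (whether an "original/original" rule for Network1 <-> Network2 keeps the servers un-NATed, which depends on it matching before the static NAT rules). The object names follow the thread, but every subnet, host address, virtual address, port and the firewall's external address is an assumption made for the example, and first-match evaluation is a simplification of a real rulebase.

```python
"""Toy first-match evaluator for a firewall rulebase and its NAT rules.

Constructed example: object names follow the thread, but every address,
port and rule is an assumption for illustration, not a real configuration.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Assumed subnets (old NT domain in 192.168.x, new 2003 domain in 10.x). The PC
# objects assume the client PCs can be carved out of each subnet as a sub-block.
OBJECTS = {
    "Network1":     ipaddress.ip_network("192.168.1.0/24"),
    "Network2":     ipaddress.ip_network("10.0.1.0/24"),
    "PCs_Domaine1": ipaddress.ip_network("192.168.1.128/25"),
    "PCs_Domaine2": ipaddress.ip_network("10.0.1.128/25"),
    "Mail_Dom1":    ipaddress.ip_network("192.168.1.10/32"),
    "Mail_Dom2":    ipaddress.ip_network("10.0.1.10/32"),
}
# Well-known TCP ports for the services named in the thread; "any" matches all.
SERVICES = {"HTTP": {80}, "HTTPS": {443}, "POP3": {110}, "SMTP": {25}, "any": None}
HIDE_ADDR = "203.0.113.1"   # assumed firewall external address (documentation range)


class Flow(NamedTuple):
    src: str    # source IP address
    dst: str    # destination IP address
    port: int   # destination TCP port


class Rule(NamedTuple):
    src: str
    dst: str
    service: str
    action: str   # "Accept" or "Drop"


class NatRule(NamedTuple):
    src: str
    dst: str
    xlate_src: Optional[str]   # None means "original" (no translation)


def in_object(obj: str, addr: str) -> bool:
    """Membership test; "Internet" is everything outside the two internal nets."""
    ip = ipaddress.ip_address(addr)
    if obj == "Any":
        return True
    if obj == "Internet":
        return ip not in OBJECTS["Network1"] and ip not in OBJECTS["Network2"]
    return ip in OBJECTS[obj]


def service_matches(service: str, port: int) -> bool:
    ports = SERVICES[service]
    return ports is None or port in ports


def evaluate(rulebase: List[Rule], flow: Flow) -> Tuple[str, int]:
    """First matching rule wins: (action, rule number); 0 = implicit cleanup drop."""
    for number, rule in enumerate(rulebase, 1):
        if (in_object(rule.src, flow.src) and in_object(rule.dst, flow.dst)
                and service_matches(rule.service, flow.port)):
            return rule.action, number
    return "Drop", 0


def rejected_log(rulebase: List[Rule], flows: List[Flow]) -> List[Tuple[str, str, int]]:
    """What the log would show as dropped: the ports that still lack a rule."""
    return [tuple(f) for f in flows if evaluate(rulebase, f)[0] == "Drop"]


def translate(nat_rules: List[NatRule], flow: Flow) -> str:
    """First matching NAT rule wins; returns the source address the peer sees."""
    for rule in nat_rules:
        if in_object(rule.src, flow.src) and in_object(rule.dst, flow.dst):
            return flow.src if rule.xlate_src is None else rule.xlate_src
    return flow.src


# The rulebase sketched in the first reply; nothing yet for the PDC/DC traffic.
RULEBASE = [
    Rule("PCs_Domaine1", "Internet", "HTTP", "Accept"),
    Rule("PCs_Domaine1", "Internet", "HTTPS", "Accept"),
    Rule("PCs_Domaine2", "Internet", "HTTP", "Accept"),
    Rule("PCs_Domaine2", "Internet", "HTTPS", "Accept"),
    Rule("PCs_Domaine1", "Mail_Dom2", "POP3", "Accept"),
    Rule("PCs_Domaine2", "Mail_Dom1", "POP3", "Accept"),
    Rule("Mail_Dom1", "Mail_Dom2", "SMTP", "Accept"),
    Rule("Mail_Dom2", "Mail_Dom1", "SMTP", "Accept"),
]
# Static NAT of each mail server into the other range (assumed virtual addresses)
# plus hide NAT for the PCs; the "original/original" rules only change position.
STATIC_AND_HIDE = [
    NatRule("Mail_Dom1", "Any", "10.0.1.210"),
    NatRule("Mail_Dom2", "Any", "192.168.1.210"),
    NatRule("PCs_Domaine1", "Internet", HIDE_ADDR),
    NatRule("PCs_Domaine2", "Internet", HIDE_ADDR),
]
NO_NAT = [NatRule("Network1", "Network2", None), NatRule("Network2", "Network1", None)]
NAT_NO_NAT_FIRST = NO_NAT + STATIC_AND_HIDE
NAT_STATIC_FIRST = STATIC_AND_HIDE + NO_NAT

# Constructed sample traffic; 198.51.100.7 stands in for an Internet host.
SAMPLE_FLOWS = [
    Flow("192.168.1.200", "198.51.100.7", 443),   # PC -> web
    Flow("192.168.1.200", "10.0.1.10", 110),      # PC -> other domain's mail
    Flow("192.168.1.10", "10.0.1.10", 25),        # mail server -> mail server
    Flow("192.168.1.5", "10.0.1.5", 135),         # NT PDC -> AD DC, RPC endpoint mapper
]
```

Running `rejected_log(RULEBASE, SAMPLE_FLOWS)` reports the PDC-to-DC flow on tcp/135, which is the kind of entry the reply suggests reading off the firewall log to find rules still missing for the trust. `translate(NAT_NO_NAT_FIRST, SAMPLE_FLOWS[2])` returns the mail server's real address, while `translate(NAT_STATIC_FIRST, SAMPLE_FLOWS[2])` returns the virtual one: the no-NAT rule only helps if it is matched ahead of the servers' static NAT.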

 