March 2nd, 2012, 10:30 AM
Cannot connect to domain controller using nat'ed network?
Guys I want some work to be completed in my office regarding setting up of a network lab. Using ssg-5 as a firewall i have setup and connected my network lab (192.168.1.x) behind a nat'ed network gw address 192.168.1.1. I can talk / ping from network lab lan to my company network (10.10.120.x). My company network interface is opertional on ethernet0/0 of ssg-5 fw which is untrust,other being able to ping and access internet I'm unable to access or share , enabling sharing on network lab or even when changing password I cannot connect to domain controller to perform these set of acitivites.
On firewall level i have set policy from trust to untrust (bidirectional too) from any to any. I don't know why this is happening. Whats blocking what.?
March 2nd, 2012, 02:12 PM
My guess is you'll need to do some port forwarding in your routers to forward the appropriate SMB ports to the domain controller.
It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
March 2nd, 2012, 05:26 PM
When you say it can't connect to the Domain Controller (DC) what exactly do you mean? Are you trying to connect the PC on your test network to the company's domain or something else?
March 2nd, 2012, 07:03 PM
I'm trying to connect machines on my network lab lan which were previously on company network to connect back or resume the services of my company network. E.g i want to enable sharing as i do i enter a name of person whom i want to give permission to under the sharing settings menu but it throws me an error saying "cannot find the user" which infact means that it cannot talk to company DC. I have tested using the password change option where it explicitly says that DC cannot be contacted.
Originally Posted by seack79
My request is being dropped at some place. Probably at ssg-5 level right now should i use PAT instead.?
March 2nd, 2012, 07:11 PM
in my case i have not got any routers just ssg-5 fw at my end. Should the smb ports not be forwarded as it is in case on nat?
Originally Posted by Doug G