  1. #1
    tarquel

    Two domains - Communication through a firewall prob

    Hi all

    I've been wondering how to allow domains to communicate with each other through the firewall I have. The layout is like this:

    | <- County WAN connection
    |
    #### <- Our firewall/vpn unit
    ####
    | |
    | | <- Curriculum Domain / network 172.16.0.x
    | +----.. . . . .
    |
    | <- Admin Domain / network 172.16.10.x
    :

    Is there any way I could create a trust between the two? Would the AD sync the usernames at all?

    Even if that isn't possible for some reason, does anyone happen to know what services I could run between them at all? And has anyone a handy [small-ish] list of ports and services to allow for specific things etc.?

    I know this sounds confusing - but I'm just trying to think of ways to help ease things between the two networks - and possibly allow SIMS .NET on specific IP computers on the curriculum domain that can talk to the admin network in a limited fashion.

    Cheers
    Nath

  2. #2
    Disease

    You can set up Trust links with the domains through AD Domains and Trusts.

    Are the domains on different sites or are they on the same site?

  3. #3
    tarquel

    Sorry - I should have mentioned, both domains are on the same site. I forget schools/establishments have different sites sometimes lol

    Both networks coming from that firewall [i.e. the curriculum and the admin] are physically separate networks and only connect at this firewall.

    I know about the AD trusts thingy - it's what ports/protocols/etc. to set up in the firewall policy that I'm after

    Nath.

  4. #4
    BooBoo

    Are you wanting the full use of SIMS, i.e. the electronic registration and Nova T etc.? If not, you can copy the SIMS folder from the admin network, reconfigure the connect.ini file and use this copy on the 'C' network as an offline copy.

  5. #5
    tarquel

    SIMS was more of an afterthought really. I'm just trying to eliminate the need for different usernames on different domains, as we have staff that use both curriculum and admin.

    Not sure quite what I'm looking for, but some sort of communication would be handy between the two networks

    I have only opened up HTTP traffic, VNC [tho it only seems to work one way for some reason] and the Bromcom registration program that only uses a port to communicate [that was really easy to do hehe].

    Nath

  6. #6
    Disease

    When you say firewall, what exactly do you mean?

    ISA Server or something similar?

    LEA firewall, or is it just a switch with separate VLANs?

  7. #7
    ChrisH

    This may be overly complicated, but how about a VPN between the two, then you don't have to worry about too many ports. You're going to need to open DNS 53, 135 for RPC maybe, 445 for AD and probably several others.

  8. #8
    tarquel

    @Disease: hehe I mean what I say :P

    hardware firewall / vpn / router...

    http://www.firebox.uk.com/firebox-x5...wall-p-28.html

    It's our own firewall - I set it up - and the connection to the county provides the internet and WAN services etc. FYI.


    @Chris:
    I could create an "Any traffic" link between the IP of the Curriculum DC and the IP of the Admin DC, but maybe that would invite problems hehe

    I don't think this model does that kind of setup - a VPN link within itself, though the "Any traffic" link would be the equivalent I'd guess

    I might try that on Thurs [job interview tomorrow].

    Cheers
    Nath.

  9. #9
    ajbritton

    Creating a trust relationship will not synchronise usernames between the two domains, it will simply let you assign access to resources in one domain to users in the other domain.

  10. #10
    mark

    Seems that if you're opening up machines on the curric network for staff to use SIMS you're also allowing access to your most sensitive data.

    As usual it's staff discipline in securing their logins which is the loophole. Not your problem - just pass that one up.

    JMO but I think this is a waste of time.

  11. #11
    ajbritton

    If you are doing this for the reasons Mark has suggested, then you can limit potential damage by giving your teachers the absolute bare minimum permissions in SIMS that they require (good security practice anyway).
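The thread weighs a blanket "Any traffic" link between the two DCs against opening individual ports. The sketch below is an added example, not code from any poster or from the firewall vendor: it audits a constructed rule list for rules that cross the curriculum/admin boundary and flags any-port rules, whole-subnet endpoints and ports outside a reviewed list. The /24 masks, host addresses, rule names and rule format are all assumptions.

```python
import ipaddress

# Networks from the thread's diagram; the /24 masks are an assumption.
CURRIC = ipaddress.ip_network("172.16.0.0/24")
ADMIN = ipaddress.ip_network("172.16.10.0/24")
# Ports the thread names (DNS 53, RPC 135, 445) plus HTTP 80, already open.
REVIEWED_PORTS = {53, 80, 135, 445}

# Constructed policy for illustration; host addresses are hypothetical.
RULES = [
    {"name": "dc-any", "src": "172.16.0.10/32", "dst": "172.16.10.10/32", "ports": "any"},
    {"name": "dc-dns", "src": "172.16.0.10/32", "dst": "172.16.10.10/32", "ports": [53]},
    {"name": "web", "src": "172.16.0.0/24", "dst": "172.16.10.0/24", "ports": [80]},
    {"name": "vnc", "src": "172.16.10.0/24", "dst": "172.16.0.0/24", "ports": [5900]},
    {"name": "curric-internal", "src": "172.16.0.0/24", "dst": "172.16.0.0/24", "ports": "any"},
]

def crosses_boundary(src, dst):
    """True when a rule lets traffic pass between the two networks."""
    return (src.overlaps(CURRIC) and dst.overlaps(ADMIN)) or \
           (src.overlaps(ADMIN) and dst.overlaps(CURRIC))

def audit(rules):
    """Return {rule name: [findings]} for every rule that crosses the boundary."""
    report = {}
    for rule in rules:
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        if not crosses_boundary(src, dst):
            continue  # traffic that stays inside one network is out of scope
        findings = []
        if rule["ports"] == "any":
            findings.append("any-port")
        else:
            findings += [f"unreviewed-port:{p}" for p in rule["ports"]
                         if p not in REVIEWED_PORTS]
        if src.num_addresses > 1:
            findings.append("broad-source")
        if dst.num_addresses > 1:
            findings.append("broad-destination")
        report[rule["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

An empty findings list means the rule is pinned to single hosts and reviewed ports; it says nothing about whether the service behind the port should be reachable at all.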
