Hello jwbernin,
You are aware that with your DC on the internet, if somebody hacks it, your
complete environment is open? I strongly recommend using only a private IP range
and making all external connections through a firewall like ISA Server or Cisco
ASA. There you can place the servers that are really needed in a DMZ, basically
NOT DCs.
Why must you join clients from the internet to your network? For external
connections use a dedicated RRAS/VPN server.
Best regards
Meinolf Weber
> OK, here's what I want to achieve.
>
> I have a private network, 172.x, that is where most of my
> administrative and backup traffic should be - e.g. domain authentication
> to member servers, DC updates, DNS zone xfers, etc. I also need to be
> able to join workstations from the public side of things - 152.x. I
> need to resolve our DNS addresses (in the bioinf.unc.edu domain) to the
> 152.x addresses, but I also need to be able to resolve addresses in the
> same DNS domain (with different names) to 172.x addresses.
> E.g. I want 'ad0.bioinf.unc.edu' to resolve to 152.19.180.180 (which
> it does now), and I want ad0-pvt.bioinf.unc.edu to resolve to
> 172.29.26.180, from the same DNS server. I want AD traffic to default
> to 172.x, but go out 152.x if it came from a 152.x address. I want to
> add a NetApp filer to this domain by giving it the 172 address for the
> DC, but I also want to be able to add a public workstation to the
> domain by giving it the 152.x address.