Pix and Windows domains


I have been asked to segregate one subnet from the remainder of the network. This should be achieved using an ASA.

For instance, I will have a network (A), with the servers located in subnet (S). On the other hand I will have a network (B).

I will have Domain Controllers in the (S) subnet as well as in the (B) network. And I will have workstations in the (A) and (B) networks. (B) workstations will have access to the servers in the (S) subnet, but not to the remainder of the (A) network.

Can this be achieved using a Pix (ASA5520)?

I fear that the Pix is intrinsically a "NATing" device and will corrupt "netlogon" frames. (Because it will alter the src/dest for the packet but not the IP addresses inside the frames.)

Is there a way to perform this? I feel that I only need to have routing + ACL between the two (B) and (S) subnets.

Thanks for any ideas.


Richard M.