|
Rievax -> DMZ <-- LAN trus relationship (27.Jun.2008 5:03:31 PM)
|
Hello,
What will be my best options in order to enable a one-way trust relationship between my DMZ and the LAN?
I already tried a few things like:
Adding a new Network Rule to enable traffic between DMZ AD server and LAN AD servers as being routed
Adding firewall rule so RPC, DNS, Kerberos, LDAP... are allowed between the AD servers
And it kind of worked, but I also had to allow my DMZ regular servers to have access to my LAN AD servers (Kerberos authentication). Am I missing something? I don't see why I should do that since my DMZ server has a functional trust relationship...
Is there any whitepapers in order to achieve this with ISA2004?
Any help will be welcome.
Thanks.
|
|
|
|