Cannot browse to other domain

Status
Not open for further replies.

PaulBarron

Technical User
Joined
Oct 8, 2001
Messages
168
Location
GB
I have two domain controllers. One is on an internal LAN (i.e. 10.2.1.*), the other is on a DMZ (i.e. 212.135.154.*).

From the internal LAN I cannot browse to the domain on the DMZ, nor can I ping the server name of the DC in the DMZ. I can, however, ping its IP address.

However, I can browse to the internal LAN from the DMZ DC.

I had thought this may be a DNS issue. However, after adding an entry for the DMZ domain in the DC of the Internal LAN, I still cannot browse or ping it by its DC name.

Hope this makes sense. Any ideas appreciated.
 
Hi!

It seems to me that the problem is the opposite.
The problem is that the server from the DMZ can browse the internal network.
This should normally be blocked.

In general - the major idea of a DMZ is to separate it from the internal network,
and only allow SMTP or other very specific protocols to specific hosts.

If you don't need Active Directory in the DMZ, maybe you should run DCPROMO and remove it.

A good idea will be to consult and maybe redesign your firewall and network structure and configuration.
What do you think?
What are your specific scenario and needs?
What services does the DMZ server provide?
Who should access them?
What about the internal servers?

Bye

Yizhar Hurwitz
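
One way to check a firewall rule set against the separation described in the reply above, as an added example that is not part of the original thread. The /24 masks, the host addresses, the allowlist and the sample rules are all constructed assumptions; only the two address ranges come from the question.

```python
import ipaddress

# Ranges from the question (10.2.1.* and 212.135.154.*); the /24 mask is assumed.
INTERNAL = ipaddress.ip_network("10.2.1.0/24")
DMZ = ipaddress.ip_network("212.135.154.0/24")

# Hypothetical allowlist: the only DMZ -> internal flows the design permits,
# as (source host, destination host, protocol, port).
ALLOWED = {
    ("212.135.154.10", "10.2.1.25", "tcp", 25),  # constructed: DMZ relay -> internal SMTP
}

# Constructed sample rules: (action, source, destination, protocol, port).
# A port of None means "any port".
RULES = [
    ("permit", "10.2.1.0/24", "212.135.154.0/24", "tcp", 80),
    ("permit", "212.135.154.10/32", "10.2.1.25/32", "tcp", 25),
    ("permit", "212.135.154.0/24", "10.2.1.0/24", "tcp", 445),  # SMB from the whole DMZ
    ("permit", "0.0.0.0/0", "10.2.1.0/24", "udp", 137),         # NetBIOS names from anywhere
    ("deny", "212.135.154.0/24", "10.2.1.0/24", "tcp", None),
]


def audit(rules, allowed=ALLOWED):
    """Return the permit rules that let DMZ addresses reach the internal LAN
    outside the allowlist. Rule order (first match wins) is not modelled:
    every permit rule is treated as reachable, so the result is conservative."""
    findings = []
    for index, (action, src, dst, proto, port) in enumerate(rules):
        if action != "permit":
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Only rules whose source can be a DMZ host and whose destination
        # can be an internal host matter here.
        if not (src_net.overlaps(DMZ) and dst_net.overlaps(INTERNAL)):
            continue
        # Acceptable only when both ends are single hosts on the allowlist.
        single_hosts = src_net.num_addresses == 1 and dst_net.num_addresses == 1
        key = (str(src_net.network_address), str(dst_net.network_address), proto, port)
        if not (single_hosts and key in allowed):
            findings.append((index, src, dst, proto, port))
    return findings


if __name__ == "__main__":
    for finding in audit(RULES):
        print("DMZ -> internal exposure:", finding)
```
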
 