Trust between 2 sites

[New]

Hello,

I'm new to this trust setup please be as detail as you
can!!!

I have to setup the trust relationship for the 2 sites,
one is in the main office and the branch office. The 2
sites are connected by the t1 line. We have firewall on
the main office, but branch office doesn't have one
the range ip address from the main office is X.X.1.X, and
branch office is X.X.2.X.
firewall is enble for the 2.x to access.
What can I do to setup the trust between the 2 sites to be
able to manage the active directory of the branch office
from the main office?

Thanks for all the inputs!!!

New

 

[Phillip Windell]

If the Firewall is running NAT (most are) then you can not do that safely or
easily. You need to setup a site-to-site VPN and do the Trust through it.
The site without the Firewall should have a Firewall and the LAN should be
re-addressed with Private IP#s,...then setup the Site-to-Site VPN between
the two Firewalls. Most newer Firewalls have this ability.

Are your sure the other site has no Firewall?.... or are we just getting
confused on symantecs? If it runs Private addresses then *something* is
providing either NAT or a "proxying service" and that would effectively be
the Firewall.

 

[new]

Philly,

Thanks for the reply!!!
Yes, I'm sure that there's no firewall on the branch
office. There is not an option to put a firewall in place
for the branch office.
Is there a way that I can set the trust connection for the
sites, so they can manage each other?

Thanks,

Mai

-----Original Message-----
If the Firewall is running NAT (most are) then you can not do that safely or
easily. You need to setup a site-to-site VPN and do the Trust through it.
The site without the Firewall should have a Firewall and the LAN should be
re-addressed with Private IP#s,...then setup the Site-to- Site VPN between
the two Firewalls. Most newer Firewalls have this ability.

Are your sure the other site has no Firewall?.... or are we just getting
confused on symantecs? If it runs Private addresses then *something* is
providing either NAT or a "proxying service" and that would effectively be
the Firewall.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Hello,

I'm new to this trust setup please be as detail as you
can!!!

I have to setup the trust relationship for the 2 sites,
one is in the main office and the branch office. The 2
sites are connected by the t1 line. We have firewall on
the main office, but branch office doesn't have one
the range ip address from the main office is X.X.1.X, and
branch office is X.X.2.X.
firewall is enble for the 2.x to access.
What can I do to setup the trust between the 2 sites to be
able to manage the active directory of the branch office
from the main office?

Thanks for all the inputs!!!

New

.

 

[Phillip Windell]

Philly,

Thanks for the reply!!!
Yes, I'm sure that there's no firewall on the branch
office. There is not an option to put a firewall in place
for the branch office.

Why isn't there a chance? That is almost unreasonable.

If there is no chance of a Firewall, then there is no chance of doing what
you want safely either. Why would you want to take a secure network behind
a firewall and join it to a totally unsecure network, thereby making both
systems insecure and basically leave them in the middle of the street with
their pants around their ankes?