I currently have a Windows 2003 native Active Directory Domain located
behind a Netscreen-50 firewall. One of my domain controllers is set up as a
stand-alone root CA. The Windows AD computers have no routable IPs; they
are all NAT mapped behind the firewall. A DHCP server runs behind the
firewall to assign static IPs to each computer which joins the domain. I
plan to use a Netscreen 5GT at the client end to establish the VPN tunnel.
Some questions:
1. Can I keep the domain controller NAT-mapped or will I have to assign
it a routable static IP?
2. Is it possible to use SCEP to automate enrolling a PKCS10 cert
request?
3. Will I need to install the certificate on the 5GT prior to
establishing the tunnel?
4. Can a VPN-connected computer join a Windows 2003 native AD domain?
5. Can I join the remote computer to the Windows 2003 AD through the VPN
tunnel, or will I have to join it prior to establishing the VPN tunnel?
I already have a Netscreen doc to guide me through the VPN connection. If
there are some corresponding Microsoft docs which address my questions,
please provide the link.
Thanks in advance!
Edward W. Ray