We are looking at implementing a cisco pix in stages and therefore want to stick clients behind the firewall first then servers. Is there a way to do this for the domain loggin in without putting a PDC behind the firewall with them? I am able to have them authenticate to the domain if I do a static map for each address, but I would like to not have to keep all the current IP addresses in reserve. I have tried opening the udp ports(137,138) and tcp ports (139) that does not work. Any help would be appreciated. It is an NT 4.0 domain. with windows 2000 clients.
Thanks
Jim Kiddoo
Jim.Kiddoo@ualberta.ca