I've set up a DMZ for our wireless clients. My packet filter rules are as follows: reject traffic coming from the LAN to the DMZ, and reject traffic coming from the DMZ to the LAN. However, when a VPN connection is established from a DMZ client, I give the IPsec pool full access to LAN resources. My problem is that I can't ping the domain controllers. I can ping various XP clients and member servers, but no domain controllers. I'm using an Astaro Linux firewall for this implementation.
www.astaro.com
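The policy described in the post (LAN to DMZ rejected, DMZ to LAN rejected, IPsec pool allowed to the LAN), modelled as a first-match packet filter so the two paths a wireless client can take can be compared. This is an added example written for this page, not Astaro configuration or anything from the original poster; the subnets, the pool range and the "shadowed rule" variant are all assumed for illustration. It evaluates only the initiating direction of a flow, on the understanding that a stateful filter admits the replies on the tracked connection, and it includes a check for rules that can never match because an earlier rule already covers them, which is the kind of ordering mistake worth ruling out when an "allow" rule appears to have no effect.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for this example; the original post names no subnets.
LAN = ipaddress.ip_network("10.0.1.0/24")    # assumed: domain controllers, member servers
DMZ = ipaddress.ip_network("10.0.2.0/24")    # assumed: wireless clients
POOL = ipaddress.ip_network("10.0.9.0/24")   # assumed: IPsec remote-access pool


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str          # "allow" or "reject"


# The policy as described in the post, in first-match order.
POLICY = [
    Rule(POOL, LAN, "allow"),   # VPN clients get full access to the LAN
    Rule(LAN, DMZ, "reject"),
    Rule(DMZ, LAN, "reject"),
]
DEFAULT_ACTION = "drop"        # nothing matched: implicit deny


def decide(src_ip: str, dst_ip: str, rules=POLICY) -> str:
    """First-match evaluation of the initiating packet of a flow.

    Replies (e.g. the ICMP echo reply from a DC back to the pool address)
    are not evaluated here: a stateful filter admits them on the tracked
    connection, so only the initiating direction needs an allow rule.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.action
    return DEFAULT_ACTION


def shadowed_rules(rules) -> list:
    """Indices of rules that can never match: an earlier rule covers every
    packet they would see (their src and dst are subnets of its src and dst).
    """
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst):
                shadowed.append(j)
                break
    return shadowed


# Constructed variant: the pool is carved out of the DMZ range and the allow
# rule sits below the DMZ->LAN reject, so the allow can never match.
POOL_IN_DMZ = ipaddress.ip_network("10.0.2.128/25")
MISORDERED = [
    Rule(LAN, DMZ, "reject"),
    Rule(DMZ, LAN, "reject"),
    Rule(POOL_IN_DMZ, LAN, "allow"),
]


if __name__ == "__main__":
    dc = "10.0.1.10"   # assumed domain controller address
    print("DMZ client direct      ->", decide("10.0.2.50", dc))
    print("same client via VPN    ->", decide("10.0.9.7", dc))
    print("shadowed in POLICY     ->", shadowed_rules(POLICY))
    print("shadowed in MISORDERED ->", shadowed_rules(MISORDERED))
```

With the pool on its own range, as in the post, the ordering of the three rules does not matter because no pool address falls inside the DMZ rules; the shadowing check only fires in the constructed variant where the pool overlaps the DMZ. Note also that the model says nothing about the hosts themselves: a packet the filter allows can still be dropped by the target's own host firewall, so a forward-path "allow" here does not by itself prove that an echo reply will come back.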