Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Domain Trust via NAT

Posted on 2012-04-11
2
584 Views
Last Modified: 2012-04-16
Dear Expert,

I need some advice pertaining on the windows 2008 AD - external domain-trust via NAT, DNS forwarding has been setup successfully from both sites, but can't seem to get the authentication working.

I have 2 site connect via point-to-point VPN:

Site A - AD Server IP 10.150.0.1
Domain: domain-A.internal

Site B - AD Server 10.10.0.1   (Original IP subnet)
Site B - AD Server 10.190.1.1 (NAT IP Subnet back to Site A)
Domain: domain-B.internal

P/S: The NAT only applied on Site B.

Test result:
AD Server (Site A)  able to ping  NAT AD Server (Site B)
AD Server (Site B)  able to ping  AD Server (Site A)

AD server (Site B)  able to ping  domain-A.internal
AD server (Site A)  can't ping   domain-B.internal  (somehow it's pinging actual IP 10.10.0.1 instead of NAT IP 10.190.1.1)
0
Comment
Question by:peacefullee
2 Comments
 
LVL 3

Accepted Solution

by:
unsatiated earned 500 total points
ID: 37833573
Your DNS entries and NAT are not mixing well.  Because you are NAT'ing the box to the 10.190.1.1 IP address, that IP does not exist in any DNS record in your DNS zone, therefore, domain-b.internal will always resolove to 10.10.0.1 instead of the NAT address you are looking for which is 10.190.1.1.  Why are you NAT'ing that AD subnet to that anyway?  Is this a constraint due to that subnet being alreayd in use on the A side?

You can ADD DNS entries for all those NATd IP addresses into DNS to remedy, but I suggest looking at why you are even NATing those addresses.
0
 

Author Closing Comment

by:peacefullee
ID: 37853931
Thanks for advice, managed to get NATed exemption on AD.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question