?
Solved

Domain Trust via NAT

Posted on 2012-04-11
2
Medium Priority
?
627 Views
Last Modified: 2012-04-16
Dear Expert,

I need some advice pertaining on the windows 2008 AD - external domain-trust via NAT, DNS forwarding has been setup successfully from both sites, but can't seem to get the authentication working.

I have 2 site connect via point-to-point VPN:

Site A - AD Server IP 10.150.0.1
Domain: domain-A.internal

Site B - AD Server 10.10.0.1   (Original IP subnet)
Site B - AD Server 10.190.1.1 (NAT IP Subnet back to Site A)
Domain: domain-B.internal

P/S: The NAT only applied on Site B.

Test result:
AD Server (Site A)  able to ping  NAT AD Server (Site B)
AD Server (Site B)  able to ping  AD Server (Site A)

AD server (Site B)  able to ping  domain-A.internal
AD server (Site A)  can't ping   domain-B.internal  (somehow it's pinging actual IP 10.10.0.1 instead of NAT IP 10.190.1.1)
0
Comment
Question by:peacefullee
2 Comments
 
LVL 3

Accepted Solution

by:
unsatiated earned 1500 total points
ID: 37833573
Your DNS entries and NAT are not mixing well.  Because you are NAT'ing the box to the 10.190.1.1 IP address, that IP does not exist in any DNS record in your DNS zone, therefore, domain-b.internal will always resolove to 10.10.0.1 instead of the NAT address you are looking for which is 10.190.1.1.  Why are you NAT'ing that AD subnet to that anyway?  Is this a constraint due to that subnet being alreayd in use on the A side?

You can ADD DNS entries for all those NATd IP addresses into DNS to remedy, but I suggest looking at why you are even NATing those addresses.
0
 

Author Closing Comment

by:peacefullee
ID: 37853931
Thanks for advice, managed to get NATed exemption on AD.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question