Solved

Domain Trust via NAT

Posted on 2012-04-11
575 Views
Last Modified: 2012-04-16
Dear Expert,

I need some advice pertaining to a Windows 2008 AD external domain trust via NAT. DNS forwarding has been set up successfully from both sites, but I can't seem to get authentication working.

I have 2 sites connected via a point-to-point VPN:

Site A - AD Server IP 10.150.0.1
Domain: domain-A.internal

Site B - AD Server 10.10.0.1   (Original IP subnet)
Site B - AD Server 10.190.1.1 (NAT IP Subnet back to Site A)
Domain: domain-B.internal

P/S: The NAT is only applied at Site B.

Test result:
AD server (Site A) able to ping NAT AD server (Site B)
AD server (Site B) able to ping AD server (Site A)

AD server (Site B) able to ping domain-A.internal
AD server (Site A) can't ping domain-B.internal (somehow it's pinging the actual IP 10.10.0.1 instead of the NAT IP 10.190.1.1)
Question by: peacefullee
2 Comments
Accepted Solution

by: unsatiated (earned 500 total points)
ID: 37833573
Your DNS entries and NAT are not mixing well. Because you are NAT'ing the box to the 10.190.1.1 IP address and that IP does not exist in any DNS record in your DNS zone, domain-b.internal will always resolve to 10.10.0.1 instead of the NAT address you are looking for, which is 10.190.1.1. Why are you NAT'ing that AD subnet anyway? Is this a constraint due to that subnet already being in use on the A side?

You can add DNS entries for all those NAT'd IP addresses to remedy this, but I suggest looking at why you are even NAT'ing those addresses.

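The mismatch unsatiated describes can be confirmed directly from Site A. The script below is an added example, not code from the original thread: it resolves the DC locator SRV record for domain-B.internal, classifies each address it gets back against the NAT'd range and the real Site B range from the question, and tests the LDAP port on that address. Assumptions: Resolve-DnsName and Test-NetConnection need Windows 8 / Server 2012 or later (on the asker's 2008 box, nslookup -type=SRV returns the same records); the /24 masks for 10.190.1.0 and 10.10.0.0 are assumed, since the post only gives the .1 hosts; Test-IPInSubnet and Get-TrustedDcEndpoints are helper names chosen here.

```powershell
# Added example, not from the original post: run from a DC or admin host in
# Site A to see which addresses domain-B.internal's DC locator records
# resolve to, and whether they are the NAT'd ones the VPN can actually reach.
# Assumptions: Windows 8 / Server 2012 or later for Resolve-DnsName and
# Test-NetConnection; /24 masks for both Site B ranges (the post only gives
# the .1 addresses); helper function names are chosen for this example.

$TrustedDomain     = 'domain-B.internal'
$ExpectedNatSubnet = '10.190.1.0/24'   # range Site A should see (mask assumed)
$RealSubnet        = '10.10.0.0/24'    # Site B's pre-NAT range (mask assumed)

function Test-IPInSubnet {
    param([string]$IPAddress, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    $toUInt32 = {
        param([string]$ip)
        # GetAddressBytes() is network order; reverse it for little-endian ToUInt32
        [BitConverter]::ToUInt32(([IPAddress]$ip).GetAddressBytes()[3..0], 0)
    }
    $allOnes = [uint64]4294967295
    $mask    = [uint32](($allOnes -shl (32 - [int]$prefix)) -band $allOnes)
    return (((& $toUInt32 $IPAddress) -band $mask) -eq ((& $toUInt32 $network) -band $mask))
}

function Get-TrustedDcEndpoints {
    param([string]$Domain)
    # Trust setup and Kerberos referrals find a DC through this SRV record,
    # not through the bare domain A record, so check what it hands back.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
    foreach ($rec in $srv) {
        $aRecords = Resolve-DnsName -Name $rec.NameTarget -Type A -ErrorAction SilentlyContinue |
                    Where-Object { $_.Type -eq 'A' }
        foreach ($a in $aRecords) {
            [pscustomobject]@{ Host = $rec.NameTarget; IP = $a.IPAddress; Port = $rec.Port }
        }
    }
}

foreach ($ep in Get-TrustedDcEndpoints -Domain $TrustedDomain) {
    if (Test-IPInSubnet -IPAddress $ep.IP -Cidr $ExpectedNatSubnet) {
        $verdict = 'OK: NAT address, routed over the VPN'
    } elseif (Test-IPInSubnet -IPAddress $ep.IP -Cidr $RealSubnet) {
        $verdict = 'PROBLEM: pre-NAT address, unreachable from Site A'
    } else {
        $verdict = 'UNEXPECTED: outside both ranges'
    }
    # LDAP on the address DNS returned; a failed TCP test against a 10.10.0.x
    # address is the same symptom as the failing ping in the question.
    $tcp = Test-NetConnection -ComputerName $ep.IP -Port $ep.Port -WarningAction SilentlyContinue
    '{0,-35} {1,-14} LDAP/{2}: {3,-5} {4}' -f $ep.Host, $ep.IP, $ep.Port, $tcp.TcpTestSucceeded, $verdict
}
```

The SRV record matters more than the bare domain name the asker pinged: the trust and Kerberos code locate a DC via _ldap._tcp.dc._msdcs.domain-B.internal, so if those targets resolve to 10.10.0.x the trust fails even when a hand-added A record for domain-B.internal points at 10.190.1.1. Microsoft also does not support Active Directory replication or trusts across NAT, which is why the NAT exemption the asker ended up with is the sound fix rather than maintaining a doctored copy of the trusted zone.
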
Author Closing Comment

by:peacefullee
ID: 37853931
Thanks for the advice; I managed to get a NAT exemption on AD.