Solved

Domain Trust via NAT

Posted on 2012-04-11
2
592 Views
Last Modified: 2012-04-16
Dear Expert,

I need some advice pertaining on the windows 2008 AD - external domain-trust via NAT, DNS forwarding has been setup successfully from both sites, but can't seem to get the authentication working.

I have 2 site connect via point-to-point VPN:

Site A - AD Server IP 10.150.0.1
Domain: domain-A.internal

Site B - AD Server 10.10.0.1   (Original IP subnet)
Site B - AD Server 10.190.1.1 (NAT IP Subnet back to Site A)
Domain: domain-B.internal

P/S: The NAT only applied on Site B.

Test result:
AD Server (Site A)  able to ping  NAT AD Server (Site B)
AD Server (Site B)  able to ping  AD Server (Site A)

AD server (Site B)  able to ping  domain-A.internal
AD server (Site A)  can't ping   domain-B.internal  (somehow it's pinging actual IP 10.10.0.1 instead of NAT IP 10.190.1.1)
0
Comment
Question by:peacefullee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 3

Accepted Solution

by:
unsatiated earned 500 total points
ID: 37833573
Your DNS entries and NAT are not mixing well.  Because you are NAT'ing the box to the 10.190.1.1 IP address, that IP does not exist in any DNS record in your DNS zone, therefore, domain-b.internal will always resolove to 10.10.0.1 instead of the NAT address you are looking for which is 10.190.1.1.  Why are you NAT'ing that AD subnet to that anyway?  Is this a constraint due to that subnet being alreayd in use on the A side?

You can ADD DNS entries for all those NATd IP addresses into DNS to remedy, but I suggest looking at why you are even NATing those addresses.
0
 

Author Closing Comment

by:peacefullee
ID: 37853931
Thanks for advice, managed to get NATed exemption on AD.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question