NAT & AD Replication


Eric Hetzel

I have 2 sites behind firewalls using NAT, separated by the internet.

Where do you specify the public IPs so the two DCs know how to communicate with each other over the internet?

I would think if the DCs try to reach each other using their private IPs, the internet routers will drop their packets.
 
You would normally specify the public IPs on the firewall, but what exactly are you trying to achieve? You say they are both DCs; are you trying to allow AD replication to cross the Internet?
 
Yes, I want my two sites to do AD replication across the internet. I plan on creating a VPN between the two firewalls to secure this traffic.

In the SC DNS put the MI public firewall IP, and vice versa in the MI DNS.
So when the DC in the SC site tries to contact the DC in the MI site it will be using the firewall address, and then the firewall will map the port to the internal DC.
 
Don't think you can achieve that, because DCs have to have a fully routable connection in between, and your other DC must register with the proper IP in the remote DNS server. So both DCs have their private IPs registered in their DNS server (which also has to replicate). How do you expect them to resolve the remote IP address (also private) from an internal IP address across the internet? I would suggest you wait and implement a VPN connection between sites.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000)
http://ladava.com
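An added check illustrating the point of the reply above (example code, not from the thread or any product): given zone-style A records constructed here for both sites, it reports which DC addresses are RFC 1918 (so unreachable across the bare Internet, i.e. need the VPN) and where a hand-edited entry in one site's DNS disagrees with the DC's own registration. Host names, zone contents and addresses are made up.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses Internet routers will not forward.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (not from the thread). Each DC registers its own
# private address; the MI zone has been hand-edited to point dc-sc at the SC
# firewall's public address, as the thread proposes.
ZONE_SC = """\
dc-sc.corp.example. 3600 IN A 192.168.10.5
dc-mi.corp.example. 3600 IN A 10.20.0.5
"""
ZONE_MI = """\
dc-mi.corp.example. 3600 IN A 10.20.0.5
dc-sc.corp.example. 3600 IN A 203.0.113.10
"""

A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)$")


def parse_a_records(zone_text):
    """Return {hostname: IPv4Address} for the A records in zone-style text."""
    records = {}
    for line in zone_text.splitlines():
        m = A_RECORD.match(line.strip())
        if m:
            records[m.group(1)] = ipaddress.ip_address(m.group(2))
    return records


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def replication_path_report(local_zone, remote_zone):
    """For every DC name the local site's DNS holds, report whether the address
    it returns is RFC 1918 (needs the VPN to be reachable) and whether it
    disagrees with the remote site's own record for that name.
    Returns {hostname: {"ip": str, "needs_vpn": bool, "mismatch": bool}}."""
    local, remote = parse_a_records(local_zone), parse_a_records(remote_zone)
    return {
        host: {
            "ip": str(ip),
            "needs_vpn": is_rfc1918(ip),
            "mismatch": host in remote and remote[host] != ip,
        }
        for host, ip in local.items()
    }
```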
 