Trust over NAT

  • Thread starter Thread starter John M
  • Start date Start date
J

John M

I'm trying to setup a trust between two separate forests over a VPN
connection. There is conflicts with the private address being used at each
site, so were using NAT to change the private address to something we can
both use.
I added the external domain name to my DNS forwarder list with the NAT ip
address. Problem is that if I try to ping the external domain it comes back
with the real ip address and not the NAT address. So when setup the trust
and put in the external domain name it fails.

anyone have any ideas for me?
thanks
John
 
Hi
- This will never work. I must use the real Dns IPAdddress, the servers must
able to reach eachother Dns.
- Of course if you have both forests in same Subnet Address the requests
won't leave the local Subnet. So the forests must be connected to the same
switch/Hub or must be in different subnets in order to the router forward
the requests.
- Your NAT device is responding to ICMP requests?? (Enable FW on the NAT
device)
 
I changed DNS so I have a new primary forward zone with the external domain
name
I added a record for the domain name
I can ping the domain name and it uses the NAT address and replies back no
problem.
 
Hi
I changed DNS so I have a new primary forward zone with the external domain
name
I added a record for the domain name
I can ping the domain name and it uses the NAT address and replies back no
problem.
Click to expand...


NAT address should be public not internal....
You added a record for the domain name? What record?
Is the Public address replying to you?

If you use nslookup domain.com
What address is listed?

Please give more inf about your both domain configuration.

domain1.com, domain2.com, ip address, Dns configuration, etc.
 
domain 1 is a 10.1. network
domain 2 is a 172.31 network

both domains are NATed to each other where
domain 1 is 10.250.13.1
domain 2 is 10.202.13.1

I'm domain 1

In my DNS I put a forward lookup zone for
domain2.com
there is an A record for domain2.com at 10.202.13.1
there is also an A record for the DC at 10.202.13.1

I can ping domain2.com and it replies with 10.202.13.1
also nslookup on domain2.com replies with 10.202.13.1
 
Hi
domain 1 is a 10.1. network
domain 2 is a 172.31 network

both domains are NATed to each other where
domain 1 is 10.250.13.1
domain 2 is 10.202.13.1
Check:
http://www.jsifaq.com/SUBG/TIP3300/rh3318.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;172227

I'm domain 1

In my DNS I put a forward lookup zone for
domain2.com
there is an A record for domain2.com at 10.202.13.1
there is also an A record for the DC at 10.202.13.1

I can ping domain2.com and it replies with 10.202.13.1
also nslookup on domain2.com replies with 10.202.13.1
Click to expand...

You should use Conditional forwarders, SutbZones or secondary zones to do
this.

--
I Hop that helps

Best Regards
Systems Administrator
MCSA + Exchange
 
is there a 3rd party product that will make this work ( not the trust ) but
be able to assign resources from the external forest?
 
Back
Top