Re: Trust over NAT
- From: "John M" <sdkfj@xxxxxxxxxxxxx>
- Date: Wed, 3 May 2006 15:35:13 -0500
is there a 3rd party product that will make this work ( not the trust ) but
be able to assign resources from the external forest?
"Jmnts" <jmnts@xxxxxxxxxxx> wrote in message
news:e2O3TGIaGHA.4916@xxxxxxxxxxxxxxxxxxxxxxx
Hi
domain 1 is a 10.1. network
domain 2 is a 172.31 network
both domains are NATed to each other where
domain 1 is 10.250.13.1
domain 2 is 10.202.13.1
Check:
http://www.jsifaq.com/SUBG/TIP3300/rh3318.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;172227
I'm domain 1
In my DNS I put a forward lookup zone for
domain2.com
there is an A record for domain2.com at 10.202.13.1
there is also an A record for the DC at 10.202.13.1
I can ping domain2.com and it replies with 10.202.13.1
also nslookup on domain2.com replies with 10.202.13.1
You should use Conditional forwarders, SutbZones or secondary zones to do
this.
--
I Hop that helps
Best Regards
Systems Administrator
MCSA + Exchange
"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:O0RWmQHaGHA.3704@xxxxxxxxxxxxxxxxxxxxxxx
domain 1 is a 10.1. network
domain 2 is a 172.31 network
both domains are NATed to each other where
domain 1 is 10.250.13.1
domain 2 is 10.202.13.1
I'm domain 1
In my DNS I put a forward lookup zone for
domain2.com
there is an A record for domain2.com at 10.202.13.1
there is also an A record for the DC at 10.202.13.1
I can ping domain2.com and it replies with 10.202.13.1
also nslookup on domain2.com replies with 10.202.13.1
"Fiso" <fiso@xxxxxxxxxxx> wrote in message
news:%23n6zz1%23ZGHA.440@xxxxxxxxxxxxxxxxxxxxxxx
Hi
I changed DNS so I have a new primary forward zone with the external
domain name
I added a record for the domain name
I can ping the domain name and it uses the NAT address and replies back
no problem.
NAT address should be public not internal....
You added a record for the domain name? What record?
Is the Public address replying to you?
If you use nslookup domain.com
What address is listed?
Please give more inf about your both domain configuration.
domain1.com, domain2.com, ip address, Dns configuration, etc.
--
Best Regards
Systems Administrator
MCSA + Exchange
"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:eQJCeD%23ZGHA.3684@xxxxxxxxxxxxxxxxxxxxxxx
I changed DNS so I have a new primary forward zone with the external
domain name
I added a record for the domain name
I can ping the domain name and it uses the NAT address and replies back
no problem.
"Jmnts" <jmnts@xxxxxxxxxxx> wrote in message
news:%23NhCc29ZGHA.1352@xxxxxxxxxxxxxxxxxxxxxxx
Hi
- This will never work. I must use the real Dns IPAdddress, the
servers must able to reach eachother Dns.
- Of course if you have both forests in same Subnet Address the
requests won't leave the local Subnet. So the forests must be
connected to the same switch/Hub or must be in different subnets in
order to the router forward the requests.
- Your NAT device is responding to ICMP requests?? (Enable FW on the
NAT device)
--
Best Regards
Systems Administrator
MCSA + Exchange
"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:u6Wyzi6ZGHA.504@xxxxxxxxxxxxxxxxxxxxxxx
I'm trying to setup a trust between two separate forests over a VPN
connection. There is conflicts with the private address being used
at each site, so were using NAT to change the private address to
something we can both use.
I added the external domain name to my DNS forwarder list with the
NAT ip address. Problem is that if I try to ping the external domain
it comes back with the real ip address and not the NAT address. So
when setup the trust and put in the external domain name it fails.
anyone have any ideas for me?
thanks
John
.
- Prev by Date: trust forests without trusts
- Next by Date: Re: AD Upgrade Question
- Previous by thread: trust forests without trusts
- Next by thread: CANNOT ACCESS OUTLOOK AFTER SUCCESSFULL LOGIN
- Index(es):
Relevant Pages
|
