Re: trust forests without trusts
- From: "John M" <sdkfj@xxxxxxxxxxxxx>
- Date: Thu, 4 May 2006 10:06:19 -0500
We have a VPN between 2 Checkpoint boxes. NAT is running on the Checkpoint
boxes to hide the internal network address because of conflicts. I called
PSS and they couldn't get it to work either and said it's not supported.
The problem is DNS related: if I look up the external domain into, I can contact
the domain thru the NAT address, but AD responds with the real IP and thus
fails to work.
"Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx> wrote in message
news:edHukEwbGHA.628@xxxxxxxxxxxxxxxxxxxxxxx
In news:u1oDNDvbGHA.536@xxxxxxxxxxxxxxxxxxxx,
John M <sdkfj@xxxxxxxxxxxxx> stated, which I commented on below:
Is there some product that will basically take over a trust role? I
have external forests that I want to assign resources to. Because we
use NAT between the two forests, I can't setup a trust. Is there
something else I can do? If this product could also sync the GAL
from exchange that would be great.
thanks
John
You can create a trust between two NAT networks if you create a VPN with
the endpoints being the NAT routers, such as if they were PIX boxes on
each end, create a tunnel between them allowing unhindered access to each
others' subnets. This is normally done with many companies with multiple
remote locations/offices. If it is a partner organization or business
partner, you will need to sit down with them and explain what you want and
come up with a solution, possibly hiring a consultant who is familiar with
this very common procedure.
There are 3rd party tools, such as SimpleSync, to sync up different orgs,
but they still require full network access because of authentication and
communication, etc, because NAT does not translate Kerberos, NTLM, LDAP or
RPC traffic.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows
you to easily find, track threads, cross-post, sort by date, poster's
name, watched threads or subject.
It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."
The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]