Re: Establish external trust over a NAT device



Thanks Herb,

Of course you are right. I probably should have said "usually". Of course
the PPTP tunnel itself is capable of carrying any kind of traffic in either or
both directions, but most implementations I've seen pretty much spec a
server which allows multiple individual connections to be made. I have
successfully shared a PPTP client connection which allows the whole side
access, but I've not found where the Windows client can do this as a part of
its regular decorum (at least not from the usual "wizard"). There are some
brands of routers that support PPTP client and server modes, but even they
generally recommend IPSec for fully bi-directional network-to-network. I
would be really interested in how to set this up using a Windows RRAS server
and a Windows client if you have any links.

Thanks,

....kurt


"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:uEey8m2wGHA.5056@xxxxxxxxxxxxxxxxxxxxxxx
"Kurt" <lorentzenkurt@xxxxxxxxxxxxxxxxxx> wrote in message
news:12ectmtfi3gip01@xxxxxxxxxxxxxxxxxxxxx

For a trust to work you'll need a lot more than just NetBIOS traffic. The
BEST way is to use NAT devices (also called routers) that will allow you
to set up an IPSec tunnel between networks, otherwise your trust will be
more or less useless because Windows PPTP VPNs connect hosts to networks,
not networks to networks.

While I agree with the first part about setting up a tunnel, the
latter part is wrong.

Both Windows PPTP and L2TP can be used to set up fully functioning
Router-Router connections which can be used to tunnel traffic.

IPSec tunnels are moderately HARDER to set up since this is not
covered in the RRAS Console and must be set up more or less
manually.

Of course the difficulty of setting up any kind of tunnel will vary on
a purpose built router, but Windows (especially Server) can do this
quite well.

Doesn't change the recommendation probably but the details were just
not correct.



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

...kurt



"Leif P" <anon@xxxxxxxx> wrote in message
news:e$oLyyqwGHA.3964@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I have seen several posts on the internet claiming that it is not
possible to create an external trust between 2 Windows Server 2003
domains over a NAT device.

I read this article: http://support.microsoft.com/kb/172227 as it should
be possible if the NAT device also replaces the NetBIOS owner IP
address.

Is it possible to create an external trust over a NAT device if the NAT
device replaces the owner IP address in the NetBIOS packets?

Leif P
