Setting up Domain Trust over NAT?

kg flag

Short summary of our situation.

I have two separate domains that we need to establish a one-way forest trust between. Domain 1 has native subnet of 172.18.xx and Domain 2 has native subnet of 10.162.xx.xx.

The two networks are connected via a VPN tunnel through two firewalls. The problem is that the 172.18.xx.xx subnet is already in use in the hosted environment so we have a NAT to 10.162.xx.xx.

We have created a conditional forwarder on both domains, as well as created the trust from Domain 1 to Domain 2. From Domain 1 to Domain 2, the trust validates fine; the problem starts with validation from Domain 2 to Domain 1 - it is unable to locate a domain controller and nslookup is unable to resolve the domain of Domain 1. The problem seems to be with the native IP being reported back by Domain 1 to Domain 2, instead of the NAT'd IP.

At this point I'm looking into what options we have to get Domain 1 to report back the NAT'd IP when DNS resolution is performed, as I believe this is the ultimate fix. DNS Stubzone, or DNS translation in Firewall? Anyone have experience with this?
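As an added diagnostic example (not from the original question or its replies): given the DC locator records that Domain 2's resolver receives for Domain 1, this checks whether each domain controller's A record falls in the NAT'd 10.162.xx.xx range reachable over the VPN or is still the native 172.18.xx.xx address, and shows what a host-bit-preserving 1:1 translation would have to return instead. The domain names, the /16 masks and the 1:1 NAT mapping are assumptions.

```python
import ipaddress
import re

# Assumed (constructed) values: the two ranges from the thread taken as /16
# networks, with a 1:1 static NAT that preserves the host bits.
NATIVE_NET = ipaddress.ip_network("172.18.0.0/16")
NAT_NET = ipaddress.ip_network("10.162.0.0/16")

SRV_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$")
A_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\d+(?:\.\d+){3})$")


def translate(ip):
    """Map a native 172.18.x.y address to its 1:1 NAT equivalent 10.162.x.y."""
    addr = ipaddress.ip_address(ip)
    if addr not in NATIVE_NET:
        return str(addr)  # already translated, or outside the NAT'd range
    return str(NAT_NET.network_address + (int(addr) - int(NATIVE_NET.network_address)))


def parse_records(lines):
    """Split zone-style answer lines into DC locator SRV targets and A records."""
    srv_targets, a_records = [], {}
    for line in lines:
        line = line.strip()
        if m := SRV_RE.match(line):
            srv_targets.append((m.group(3).rstrip("."), int(m.group(2))))
        elif m := A_RE.match(line):
            a_records[m.group(1).rstrip(".")] = m.group(2)
    return srv_targets, a_records


def check_dc_reachability(lines):
    """For each DC named by an SRV record, report whether the A record the remote
    domain receives is reachable via NAT or still the native (unreachable) address."""
    srv_targets, a_records = parse_records(lines)
    report = []
    for host, port in srv_targets:
        ip = a_records.get(host)
        if ip is None:
            status, expected = "no-A-record", None
        elif ipaddress.ip_address(ip) in NAT_NET:
            status, expected = "reachable-via-nat", ip
        elif ipaddress.ip_address(ip) in NATIVE_NET:
            status, expected = "native-address-unreachable", translate(ip)
        else:
            status, expected = "unexpected-range", ip
        report.append({"host": host, "port": port, "ip": ip, "status": status, "expected": expected})
    return report


# Constructed sample of what Domain 2's resolver gets back (placeholder names).
SAMPLE = """
_ldap._tcp.dc._msdcs.domain1.example. 600 IN SRV 0 100 389 dc01.domain1.example.
_ldap._tcp.dc._msdcs.domain1.example. 600 IN SRV 0 100 389 dc02.domain1.example.
dc01.domain1.example. 1200 IN A 172.18.10.5
dc02.domain1.example. 1200 IN A 10.162.10.6
""".splitlines()
```

Running `check_dc_reachability(SAMPLE)` flags dc01 as answering with its native address and reports the NAT'd address the remote side would need, which is the symptom the question describes.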

cn flag
You need to use a different network/address, and assign that to a domain controller in a separate site in your perimeter network. There are many available networks to choose from that aren't 172.18.xx.xx.
Greg Z (kg flag)
Our primary issue is the devices must not be multi-homed, they need to be on different VLANs, and on a different network perimeter. It's a govt compliance issue due to being a high risk SCADA system.
cn flag
Domain controllers should never be multi-homed. You don't need multiple IP addresses for this.