multihomed addresses on Domain Controllers /External Trust - VPN NAT
We are trying to set up an external trust so users in Domain A can access resources in Domain B.
There is a VPN link between the two companies.
Domain B uses a 10. subnet (internal).
Domain A uses a 172. subnet (internal).
On the firewall in Domain A we have set up NAT records so the Domain A Domain Controllers have a 10. network address.
The firewalls will then translate the 10. address in Domain B to the 172. subnet in Domain A.
On Domain A I have set up conditional forwarders so that I can resolve the domain controllers/DNS servers on the 10.x network.
My question:
In Domain A (172.x network), can I add the NAT IP address for the 10.x network on the DCs in Domain A?
Does Server 2008 support multihomed addresses on domain controllers?
I am aware that when the DCs in Domain A are restarted they will create service records for the 10.x network.
Are multihomed addresses on Domain Controllers supported?
Answers
- Regardless of the mechanism you use, local name resolution needs to take into account the fact that NAT is in place. If your firewall does not provide this functionality, you will need to create the zone and records for (translated) Domain A on DNS servers in Domain B manually...
hth
Marcin
- Marked As Answer by Joson Zhou MSFT, Moderator Tuesday, November 10, 2009 10:52 AM
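The manual approach described in the answer above, sketched as an added example (not code from the thread or from any poster): it builds the records Domain B's DNS servers would serve for Domain A by swapping each real 172.x address for its NAT address, and refuses to emit a record that has no mapping. The domain name `domaina.example`, all IP addresses, the one-to-one static NAT table and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data: 1:1 static NAT on Domain A's firewall
# (real 172.x address -> 10.x address as seen from Domain B).
NAT_MAP = {
    "172.16.1.10": "10.50.1.10",
    "172.16.1.11": "10.50.1.11",
}

# Constructed records, as Domain A's own DNS would hold them.
DOMAIN_A_RECORDS = [
    ("dc1.domaina.example.", "A", "172.16.1.10"),
    ("dc2.domaina.example.", "A", "172.16.1.11"),
    ("domaina.example.", "A", "172.16.1.10"),
    ("_ldap._tcp.dc._msdcs.domaina.example.", "SRV", "0 100 389 dc1.domaina.example."),
    ("_kerberos._tcp.dc._msdcs.domaina.example.", "SRV", "0 100 88 dc1.domaina.example."),
]


def translate_records(records, nat_map):
    """Return the records Domain B's DNS should serve for Domain A."""
    out = []
    for name, rtype, data in records:
        if rtype == "A":
            # An A record without a NAT mapping would be unreachable
            # from Domain B, so fail instead of publishing it.
            if data not in nat_map:
                raise ValueError(f"{name} -> {data} has no NAT mapping")
            data = nat_map[data]
        # SRV records carry host names, not addresses: copied unchanged.
        out.append((name, rtype, data))
    return out


def untranslated(records, inside_net):
    """List A records that still point into Domain A's real subnet."""
    net = ipaddress.ip_network(inside_net)
    return [r for r in records
            if r[1] == "A" and ipaddress.ip_address(r[2]) in net]


def to_zone_lines(records, ttl=3600):
    """Render records as zone-file style lines for review or import."""
    return [f"{n} {ttl} IN {t} {d}" for n, t, d in records]


if __name__ == "__main__":
    for line in to_zone_lines(translate_records(DOMAIN_A_RECORDS, NAT_MAP)):
        print(line)
```

Running `untranslated()` against the zone Domain B actually serves is a quick check that no real 172.x address is still published there.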
All Replies
Is network address translation supported on an external trust on 2003 & 2008 DCs?
- You need to configure DNS such that the zones for Domain A (forward/reverse) visible from Domain B - and vice versa - will take into account NAT (i.e. they should contain translated addresses).
As far as supportability is concerned, refer to http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/495f0dda-beef-4447-88bd-f80c815fd3c2
Avoid using multihomed DCs...
hth
Marcin
Is network address translation supported on an external trust on 2003 & 2008 DCs?
Hi
Please read this:
http://support.microsoft.com/kb/908370
I hope that the information above helps you. This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.
Ok thanks,
- Edited by Arkturas Wednesday, November 11, 2009 3:50 PM

