Best Practices to configure your Infrastructure with NAT

How to configure the environment to use NAT at a remote site. There are five sites in the AD infrastructure, with one DC/DNS server at each; the DCs are running Windows 2003 SP2. DNS name resolution was modified to fix AD replication by adding the NAT IP addresses; now the DCs sometimes resolve the old IP addresses and sometimes the addresses seen through NATting.

Procedure:
978772 Description of support boundaries for Active Directory over NAT: http://support.microsoft.com/default.aspx?scid=kb;EN-US;978772
Add info related to Netlogon:
186340 NAT Routers Disallow Setup of One-way Trusts Between Domains: http://support.microsoft.com/default.aspx?scid=kb;EN-US;186340

To successfully implement a Windows NT domain structure using a NAT, the NAT will have to translate the addresses in NetBIOS datagram headers. Consult the vendor of your NAT device for information on this issue.

"Additional Information"

NATs are used in IP networks to translate addresses from one network to another. For example, if an internal network used one of the non-routable private network IDs from RFC1597, such as 10.0.0.0, you could use a NAT to translate these addresses into a public IP address and route them to the Internet. When a packet comes back to the NAT, it retranslates the address back to the private address of the originating host.

If you send a NetBIOS datagram, as Netlogon does, the NetBIOS header contains the source IP address. The reply to this NetBIOS datagram will be sent directly to the IP address that is found in the NetBIOS header, as defined in RFC1002, section 4.4. If the NAT only translates addresses in the IP header, and not in the NetBIOS header, the packet may be sent to the wrong address. In this example, the packet would be sent back to the computer on the 10.0.0.0 network, which is a private address and not routable."
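The mismatch the KB describes can be checked directly on captured traffic. The following is an added example (not code from the KB article or from the original page) that parses the RFC 1002 section 4.4.1 datagram header and compares the embedded SOURCE_IP with the source address of the outer IP header; the addresses 10.0.0.5 and 203.0.113.7, the sample datagrams and the helper names are constructed for this example.

```python
"""Detect a NAT that rewrote the IP header but not the NetBIOS datagram header.

RFC 1002 section 4.4.1 datagram header (14 bytes, big-endian):
  MSG_TYPE(1) FLAGS(1) DGM_ID(2) SOURCE_IP(4) SOURCE_PORT(2) DGM_LENGTH(2) PACKET_OFFSET(2)
followed by SOURCE_NAME, DESTINATION_NAME and USER_DATA (not needed for this check).
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

HEADER = struct.Struct("!BBHIHHH")  # 14-byte fixed header
MSG_TYPES = {0x10: "DIRECT_UNIQUE", 0x11: "DIRECT_GROUP", 0x12: "BROADCAST"}

@dataclass
class Datagram:
    msg_type: str
    dgm_id: int
    source_ip: str    # address the receiver will reply to (from the NetBIOS header)
    source_port: int

def parse_datagram(payload: bytes) -> Datagram:
    """Parse the fixed part of a NetBIOS datagram (UDP/138) header."""
    if len(payload) < HEADER.size:
        raise ValueError("short NetBIOS datagram header")
    msg_type, _flags, dgm_id, src_ip, src_port, _len, _off = HEADER.unpack_from(payload)
    if msg_type not in MSG_TYPES:
        raise ValueError(f"not a NetBIOS datagram message type: {msg_type:#x}")
    return Datagram(MSG_TYPES[msg_type], dgm_id, str(ipaddress.IPv4Address(src_ip)), src_port)

def nat_inconsistency(outer_src_ip: str, payload: bytes) -> Optional[str]:
    """Return a finding when the embedded SOURCE_IP differs from the outer IP source.
    A private SOURCE_IP behind a public outer source is the case the KB describes:
    the reply goes to the private, non-routable address instead of the NAT."""
    dg = parse_datagram(payload)
    if dg.source_ip == outer_src_ip:
        return None
    kind = "private, non-routable" if ipaddress.IPv4Address(dg.source_ip).is_private else "different"
    return (f"NetBIOS SOURCE_IP {dg.source_ip} ({kind}) != IP header source {outer_src_ip}; "
            f"reply to {dg.source_ip}:{dg.source_port} will be misrouted")

def build_datagram(source_ip: str, source_port: int, dgm_id: int = 1) -> bytes:
    """Constructed sample: DIRECT_UNIQUE datagram header with the FIRST flag set."""
    return HEADER.pack(0x10, 0x02, dgm_id, int(ipaddress.IPv4Address(source_ip)), source_port, 0, 0)

# Constructed traffic: host 10.0.0.5 behind a NAT whose public address is 203.0.113.7.
UNTRANSLATED = build_datagram("10.0.0.5", 138)   # NAT left the NetBIOS header untouched
TRANSLATED = build_datagram("203.0.113.7", 138)  # NetBIOS-aware NAT rewrote SOURCE_IP as well

if __name__ == "__main__":
    print(nat_inconsistency("203.0.113.7", UNTRANSLATED))  # finding
    print(nat_inconsistency("203.0.113.7", TRANSLATED))    # None
```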