Trust between two NT systems not working correctly

jellabean · ‎01-30-2001

We have 2 sites connected via T-1 and Cisco 2500 series routers. Site A is running NAT and Site B is not.

With a two-way trust between the NT domains, it seems like the trust is "half-working" since Site B can see Site A resources but not vice-versa.

According to MS TechNet article # Q172227 it is because the NetBIOS session headers are not being translated properly in NAT.

So is this MS shifting the blame or is there a fix to my problem in the Cisco IOS-I am running 12.0(5)

a-vazquez · ‎02-02-2001

Even though this document resides in the PIX section at Cisco’s website, I know it applies to any and all NAT and Windows Domain. I think it’ll address your problem:

http://www.cisco.com/warp/customer/110/pixfaq.html#Q21

Just out of curiosity have you considered using IPSec? With an encrypted tunnel and the proper network design, the packets won’t ever NAT (except at the tunnel) and will route naturally.

jellabean · ‎02-06-2001

I had already implemented all of the items listed in the article that you referenced with the exception of the conduit command. As near as I can tell, it is only available with PIX firewalls--not on my 2500 series router.

I have not used IPSec since I am completely unfamiliar with it.

When I had initially implemented NAT, I had a HUGE problem since all of my computers registered with the corporate WINS server--gladly passing their IP address with local instead of translated addresses. I changed the DHCP (and static) configurations and set up a DNS specifically to handle external requests to our internal network.

jimb · ‎05-31-2001

Trust relationships between NT domains are notoriously unreliable. We had a trust between two domains on the same Ethernet segment, and we could not keep it working. My guess is that your problem has more to do with NT than will IOS.

Good luck.