We recently created a L2L VPN between our network and a new client network. The initial problem was overlapping subents between our two sites. I went ahead and created 4 natted subets, 1 for each subnet on our side that we want accessible by the other side. We can ping back and forth now, I can ping their addresses and they can ping our NAT addresses. The problem now is that we created a windows domain controller on the other side and it populated its DNS based on our other Domain controllers thoughout the enterprise. All DNS entries on the new controller point to the "unnatted" addresses obviously which kills the environment. Am I missing something? Is this more of a Windows issue than VPN/nat/routing issue? Thanks
* I have attached a diagram for reference. Any help is appreciated!
Bascially - yes it's a design issue. To join to networks together when using the same IP addressing
is an issue - but NAT can help. However joining domains together via Windows completly un-does the NAT.
With the ASA in the path of the IP traffic between the to sites - enables the NAT to work. Once the domain controllers
see each other and "exchange" information - you have just removed the ASA/NAT boundry, in my limited opinion with regards to windows domains.
Thanks for the reply. Are you saying that there is no quick solution to this issue? The only option is to carve out new non-overlapping subnets? I was hoping there might be some sort of simple design tweak or "helper" statements that we might be able to add? Thanks
For a quick solution I would recommend you read Microsoft Tech Net - the solution to this problem is not network device/config related.
A design tweak would be to only have 1 domain controller! Bear in mind I am not a Microsoft Admin - I am sure there is something to be done with the domain controllers - I however, have no clue.