Active Directory Replication - NAT Router

riser

Illustrious
Anyone by chance replicating AD using a NAT firewall with IPSec?
My ISP is blocking ports tcp/udp 135-139 which are used for RPC AD replication.
I can use IPSec for AD replication but in searching out the process, I'm reading from Microsoft that it won't replicate correctly over NAT-based routers.
I can disable the NAT, but that just doesn't work for me. I'm thinking about trying it out in the DMZ to see if that will bypass the NAT instead.

Anyone else trying this or have any thoughts on it?

In the meantime, I'm going to continue searching on it.

Riser



I keep forgetting how my new network is set up. I'm using my friend's D-Link Wireless G Router.. I haven't really looked at its config options, but I know my Linksys router has the option to allow IPSec Passthrough. If his router doesn't allow that, I'll just put my router in place, use his as an AP attached to mine and be done with it.
I like solving my own problems and posting in a forum so everyone can watch me answer my own stupid questions. hah.

Riser
Edited by riser on 04/21/05 11:48 AM.
 

Dev

Distinguished
Tunnel the connection to the other server. Set up a VPN from one end to the other. Most ISPs allow that and have directions on their homepage on how to set it up.

---
I want my epitaph to be: "Moved to /dev/null"
 

riser

Illustrious
Yeah I knew that.. I was reading that Microsoft's built-in VPN doesn't work through NAT routers.. so without thinking I posted that.. then I realized that my Linksys router allows IPSec Passthrough, which is what's needed for the VPN..
Then I realized that my roommate's router is in place which is D-Link and I wasn't sure if that was an option.

I'll probably just put my router in place, turn off DHCP on his and hopefully use his as an AP since neither of us really use wireless but once a month if that. Hopefully his D-Link router will do that since it seems to be a POS and never does anything that I wanted.

I was also looking at hosting my own VPN server, not just creating the connection out, but allowing the connections in to my server.

Riser