To be blunt, this is networking 101 - OK, maybe 201. If systems are truly behind 
a NAT, then they are sharing an outward facing IP address. Thus, things on the 
outside only see that outward facing IP address from traffic initiated on the 
inside but in turn cannot initiate connections to those systems inside because 
... they share the same IP address and there's no way to direct the traffic 
properly. PINGing just means you got a reply from a device - it doesn't prove 
anything. Opening a port in a NAT will statically map that port to a single 
device on the inside leaving the other devices unreachable.

For systems behind a NAT, you will *not* be able to use client push. You will 
need another form of client installation that uses a client pull methodology 
(like the ConfigMgr agent itself does). And of course remote won't work either 
for the exact same reason. Additionally, depending upon the IP addressing 
scheme, NATing typically implies that you have overlapping IP subnets somewhere 
which could lead to content location issues since content location in ConfigMgr 
is dependent upon IP addressing.

Ultimately, this is why NATed clients are not supported by ConfigMgr. If you 
understand the networking concepts, then it can be made to work - mostly - but 
you really need to know the networking basics here.

J
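
The NAT behaviour described in the reply above, as an added example that is not part of the original message: a minimal Python model of a port-translating NAT, showing why server-initiated client push reaches at most the one forwarded host while client-initiated pull works for every host. The `Nat` class, all addresses, and all port numbers are constructed for illustration.

```python
# Minimal port-address-translation (PAT) model. All addresses and ports are
# constructed sample values (RFC 1918 / RFC 5737 ranges), not from the thread.
PUBLIC_IP = "203.0.113.10"

class Nat:
    def __init__(self, forwards=None):
        # Static port forwards: public port -> (inside ip, inside port).
        self.forwards = dict(forwards or {})
        # State created only by inside-initiated traffic:
        # (public port, remote ip, remote port) -> (inside ip, inside port)
        self.sessions = {}
        self.next_port = 50000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection; NAT rewrites the source and records state."""
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (PUBLIC_IP, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arriving at the public IP; returns the inside target, or None if dropped."""
        key = (dst_port, src_ip, src_port)
        if key in self.sessions:              # reply to an inside-initiated flow
            return self.sessions[key]
        return self.forwards.get(dst_port)    # static forward, else dropped

def demo():
    site_server = "198.51.100.5"              # assumed server address
    clients = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]
    nat = Nat(forwards={445: ("10.0.0.11", 445)})   # one static forward for SMB (Admin$)
    results = {}
    # Client push: the server initiates SMB to the shared public IP for each client.
    for c in clients:
        target = nat.inbound(site_server, 40000, 445)
        results[("push", c)] = target is not None and target[0] == c
    # A dynamic RPC/WMI port with no forward and no session state is dropped.
    results["rpc_dynamic"] = nat.inbound(site_server, 40001, 49670)
    # Client pull: each client initiates HTTP (port 80 assumed); replies map back.
    for i, c in enumerate(clients):
        _, pub_port, _, _ = nat.outbound(c, 51000 + i, site_server, 80)
        results[("pull", c)] = nat.inbound(site_server, 80, pub_port) == (c, 51000 + i)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```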

From: [email protected] [mailto:[email protected]] On 
Behalf Of Magnus Tveten
Sent: Sunday, December 7, 2014 4:47 PM
To: [email protected]
Subject: [mssms] Pushing SCCM2012R2 clients to machines on a NATed network.

Hi All,
We have some networks that for whatever reason sit behind a 
'NAT' (ok, my network/firewall knowledge is not exactly the best...).
If I try to Ping one of these machines it resolves to its 'Real' IP, which of 
course I cannot get to, so for this testing I put them in the HOST file so that 
it resolves to the NATed IP which I can ping.

The Firewall allows me to connect to Admin$ and all that for client push, and 
there is a Firewall Rule for the Dynamic port for RPC(Wmi) which it works out 
what port to allow and opens that one, these rules work great on the Non NATed 
networks that go through this firewall, however it fails for the ones that are 
NATed...

Anyone here have much experience with Client Push to NATed machines?


________________________________
MAGNUS TVETEN
SERVER SUPPORT ENGINEER
________________________________