The DMZ machines are SecureNAT clients (ISA being the default gateway). I created new computer objects for the DCs that the trust will be connecting to. Afterwards I set a route relationship from my DMZ segment to the newly created computer objects (in accordance with the 2nd article above).
Without ISA, our 2 domains trust each other fine (they trust us). When I SecureNAT my DC (which is in charge of the trust), the trust does not establish.
I believe that the route relationship indeed routes (and not NATs) from my DC to their machine, so that my DMZ IP is what is used to connect and not ISA's external IP. Verified by netstat on the remote PC.
I opened up the ports indicated from the 1st link above. As I understand, all were outgoing; are any incoming needed? I'm a little confused with what RPC ports are/need to be opened. Will port 135 dynamically open the correct >1024 incoming ports?
Logging shows successful 138, 139 connections to the trusting domain, however when the trusting machine replies back with traffic on ports >1024 I receive the following: