I have a strange situation and NAT seems to be the only possible cause.

We have a special situation that requires one lab to have its own subnet, so we have the public interface doing dynamic NAT. The server isn't running BorderManager because it is within our core and doesn't really need to be protected.

I recently started pushing proxy settings for IE down to the workstations. No matter what, these machines cannot use the BorderManager server that is actually at the perimeter. It behaves like clntrust isn't working.

Do these workstations need a routed connection instead of a NAT'd connection to use clntrust and a proxy server on the other side of their server?