Re: Name resolution for VPN Clients



Yep, I totally agree with you - the user should have their Internet access
controlled by the ISA when connected by VPN etc.
It just surprises me that the modem DNS answers when you run nslookup and
not the DNS server in the internal network, despite the fact that to all
intents and purposes the internal DNS server does indeed seem to be resolving the
name resolution petitions.

"Phillip Windell" wrote:

There is only one DNS Server that a LAN Client should ever ever ever use,
that is the Active Directory DNS Server. The ISP's DNS would be a forwarder
within the Config of the AD/DNS. It doesn't matter if the client is a
permanent LAN Client or a VPN User.

The Internet Device (DSL, CableTV, whatever) should never be involved in any
way with DNS in a commercial network. They can be used for Home User
setups, but even then I don't recommend it.

Remember that with Remote Access VPN, when the user makes the "call" that
VPN Connectoid takes over all network communication so whatever DNS or WINS
the Connectoid uses is what the user will be using. When they disconnect
the VPN they go back to whatever they were using on their regular Nic.
This is one of the reasons Remote Access VPN is never meant to be "always
up",...you are supposed to connect,..do whatever job you connected to
do,...then disconnect and leave. Much of the other network (local user's
LAN) communication is "on hold" while the VPN is active.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"johnny_mango" <johnnymango@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4C4BA608-DED2-4ED3-A679-E39C3144BBC5@xxxxxxxxxxxxxxxx
Yep.

But in general terms, which DNS server should answer the client in
nslookup?
The local DNS server (the ADSL modem) or the DNS server in the remote
network?

"Phillip Windell" wrote:

Did you create the Access Rule to allow VPN Users to make DNS queries to the
AD/DNS Server?


"johnny_mango" <johnnymango@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2934B944-2BDF-46C1-9A37-CCDD534CB03F@xxxxxxxxxxxxxxxx
Hi,

How should a VPN client resolve names? I ask because I wish a VPN client to
be able to communicate with an internal server by name, and not by IP, but
upon executing nslookup on the client, the DNS server on my modem responds
and not the DNS server in the remote network.
In my network bindings, I have placed the RRAS connection to the top of the
list and in the properties of the VPN in the ISA Server console I have
configured the clients to use the internal DNS server, but to no avail.

Thanks for any help available.






