Re: VPN, split DNS and name resolution
From: Thomas W Shinder [MVP] (tshinder_at_hotmail.com)
Date: 02/11/05
- Next message: Thomas W Shinder [MVP]: "Re: VPN, split DNS and name resolution"
- Previous message: Ben Hall: "ISA SERVER 2000"
- In reply to: Bob Williamson: "Re: VPN, split DNS and name resolution"
- Next in thread: Thomas W Shinder [MVP]: "Re: VPN, split DNS and name resolution"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 11 Feb 2005 10:21:11 -0600
Hi Bob,
No, they ARE good reasons. At least they are good reasons to the decision
makers at MS, who want to provide a powerful "Access Anywhere" story -- so
what you're doing is absolutely, positively right. I think Steve Ballmer
would agree. He doesn't want to have to be "location aware" any more than
anyone else, and without the split DNS, users have to be aware of their
location for everything to work right and work transparently.
So, what we need is a fix for the VPN clients, not a breakage of our Access
Anywhere solution just to support VPN clients that aren't working the way
they worked before.
--
Tom
www.isaserver.org/shinder
Get the book! Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
FACT: Firewalls need at least two interfaces -- put a second NIC in that ISA firewall!

"Bob Williamson" <Osm3um@news.postalias> wrote in message
news:eXhp0DVDFHA.1932@TK2MSFTNGP14.phx.gbl...
: With regard to reasons: RPC over HTTP, mirroring internal intranet to an
: external page etc. Not good reasons, but reasons nonetheless....
:
: I set up some A records for testing again and this is what I got!
:
: First the applications etc. are referencing the internal servers via a host
: name. NOT an FQDN. Thus the suffix is added to the host name as necessary
: by the computer, since the computers are all from the internal network.
: This is necessary as we are running an internal Sharepoint server which does
: not like to be referenced via FQDN.
:
: Some interesting notes, while connected via VPN: NSlookup is showing the
: correct internal IP 192.168.2.x (which is correct) was returned by the
: internal DNS, ping shows the external IP address, tracert shows the
: external.
:
: According to the log of ISA 2004 when the client tries to browse to the host
: in IE, the DNS lookup on port 53 is going to my internal DNS server when the
: VPN client tries to access the website. This was followed up by an LDAP call
: (port 389) and then by a port 80 call to the external IP address. NOTE: I
: want it to go to the internal IP.....
:
: The client does have the ISA client installed and the client uses, when it
: is on the network, DHCP wpad and DNS for autoconfiguration. ISA is showing
: some 1745 calls to the local host from the VPN client.
:
: Thanks,
: Bob
:
:
: "Rebecca Chen [MSFT]" <v-rebc@online.microsoft.com> wrote in message
: news:D1fQZSQDFHA.2096@cpmsftngxa10.phx.gbl...
: > Hi Bob,
: >
: > Is there any particular reason to maintain these A records?
: > What is the network topology and the IP range among the ISA
: > internal/external NIC, including the Exchange server?
: >
: > I assume the internal Exchange server is in 192.168.0.x subnet as well as
: > the ISA internal NIC. The internal DNS server IP is 192.168.0.1.
: >
: > I suggest you use the following steps to isolate this issue:
: >
: > On the client, after connecting to the VPN, please issue the following
: > command in CMD:
: >
: > Nslookup
: > Server 192.168.0.1
: > (This step intends to change the DNS server to your internal network DNS
: > server)
: > Input Exchange internal IP to see if Exchange server IP can be resolved.
: >
: > If so, please use the following steps to use VPN connection as the default
: > gateway.
: >
: > 1. Open "Network and Dial-up Connections", right-click the VPN connection
: > that you want to change, and then click Properties.
: >
: > 2. Click the Networking tab, click "Internet Protocol (TCP/IP)" in the
: > "Components checked are used by this connection" list, and then click
: > Properties.
: >
: > 3. Click Advanced, and then click to clear the "Use default gateway on
: > remote network" check box.
: >
: > What is the result?
: >
: > If the issue persists, please refer to the following article to gather the
: > network MPSreport on the client side and send it to v-rebc@microsoft.com
: > for research.
: >
: > Microsoft Product Support's Reporting Tools
: > http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=en
: >
: > Any update, let us get in touch!
: >
: > Best regards,
: >
: > Rebecca Chen
: >
: > MCSE2000 MCDBA CCNA
: >
: >
: > Microsoft Online Partner Support
: > Get Secure! - www.microsoft.com/security
: >
: > =====================================================
: >
: > When responding to posts, please "Reply to Group" via your newsreader so
: > that others may learn and benefit from your issue.
: >
: > =====================================================
: > This posting is provided "AS IS" with no warranties, and confers no
: > rights.
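
An added example, not part of the original thread: a small check for the symptom quoted above, where nslookup against the internal DNS server returns an internal address while ping and the browser end up at the external one. The host names, the sample nslookup output, the external address and the internal range 192.168.0.0/16 are constructed assumptions.

```python
import ipaddress
import re
import socket

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample of Windows nslookup output (names and addresses are made up).
SAMPLE_NSLOOKUP = """Server:  dc1.corp.example
Address:  192.168.0.1

Name:    portal.corp.example
Address:  192.168.2.20
"""

def nslookup_answers(output):
    """IPv4 answers from nslookup output. Addresses before 'Name:' belong to
    the DNS server that was queried, so only the text after it is scanned."""
    _, found, answer = output.partition("Name:")
    return sorted(set(IPV4.findall(answer))) if found else []

def os_resolve(name):
    """Addresses from the OS resolver, the path ping and the browser use
    (hosts file, suffix search list, adapter DNS order)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def is_internal(addr, internal_nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in internal_nets)

def verdict(dns_addrs, os_addrs, internal_nets):
    """Classify one name from both resolution paths."""
    if not os_addrs:
        return "os-unresolved"
    os_external = [a for a in os_addrs if not is_internal(a, internal_nets)]
    dns_internal = [a for a in dns_addrs if is_internal(a, internal_nets)]
    if os_external and dns_internal:
        return "mismatch"        # nslookup says internal, applications go external
    return "external-only" if os_external else "internal"

if __name__ == "__main__":
    nets = ["192.168.0.0/16"]    # assumed internal range
    dns = nslookup_answers(SAMPLE_NSLOOKUP)
    # 203.0.113.25 is a constructed external address; use os_resolve("portal") live.
    print(dns, verdict(dns, ["203.0.113.25"], nets))
```

Run it on a VPN-connected client for both the short host name and the FQDN; a "mismatch" for either one means applications are not using the answer the internal DNS server gives.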