Re: Help With DNS Through VPN

---

• From: "Bill" <billyg1943@xxxxxxxxxxx>
• Date: Tue, 6 Dec 2005 10:40:19 +1000

---

OK. Virgil. I created a packet filter as you described, but still no joy.
Are these changed dynamic or does something need to be restarted? Do I need
to create two filters: one for queries and one for zone transfers? Some of
the options in the create filter dialog confused me a bit.

"ZVR" <nospamever@xxxxxx> wrote in message
news:y_-dnQZr6dCNTQnenZ2dnUVZ_tidnZ2d@xxxxxxxxxxxxx
> First of all your setup is clear now. Thanks for providing the additional
> info - without that these exercises become overly complicated sometimes.
>
>> Must be routing everything but DNS queries. Port 53 UDP/TCP is open on
>> the ISA firewall OK.
>
> How do you mean? With ISA2000 you need to create a packet filter allowing
> access to the external interface for DNS traffic (incoming 53 UDP for
> queries, incoming 53 TCP for zone transfers). This is what you did?
>
> And, you do NOT have a routing issue as proven by the fact that you can
> "touch" the SBS external NIC for your RDP connections.
> protocol.
>
>>>> Thie client gets the correct IP address of the DNS server but it
>>>> doesn't work
>
> So in this case that would be the external IP address of the SBS box. That
> is where your DNS server resides I understand (and then you need the
> packet filter as described above). If however you're talking about a DNS
> server _behind_ your SBS (on the internal LAN) then you need a server
> publishing rule instead, which would forward traffic to the internal DNS
> server as it arrives at the external SBS NIC.
>
>
> Virgil
>
>


.

---

• Follow-Ups:
  • Re: Help With DNS Through VPN
    • From: ZVR

• References:
  • Help With DNS Through VPN
    • From: Ding Bat
  • Re: Help With DNS Through VPN
    • From: ZVR
  • Re: Help With DNS Through VPN
    • From: Bill
  • Re: Help With DNS Through VPN
    • From: ZVR

• Prev by Date: Re: ISA2004 issues (pretty detailed description and therefore much reading :)
• Next by Date: Re: ISA 2004 and ActiveSync.
• Previous by thread: Re: Help With DNS Through VPN
• Next by thread: Re: Help With DNS Through VPN
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Help With DNS Through VPN ... Hi Virgil, ... *** Can't find server name for address 192.168.aaa.bbb No response from ... the pre-defined DNS lookup filter is used to allow DNS queries FROM ... For the actual procedure (creating the packet filter) to enable access ... (microsoft.public.isa) Re: Help With DNS Through VPN ... the pre-defined DNS lookup filter is used to allow DNS queries FROM ... > the ISA server - not TO. ... For the actual procedure (creating the packet filter) to enable access ... (microsoft.public.isa) Re: ISA and DNS ... ... > For a packet filter to allow access to a service the service must be ... > listening on that interface. ... > 'Change server IP' or CEICW wizards will change it back. ... Both Nics point to the internal interface for DNS resolution, ... (microsoft.public.windows.server.sbs) RE: an error in the NMAP docs? ... If you create with a machine that is protected both inbound and outbound by ... deny all rules and then add a packet filter rule to allow the machine to act ... as a DNS server. ... If you add a client rule so the machine can ftp out (outbound port 20), ... (Security-Basics) Problem with DNS Publishing ... I have publishing rules configured to allow DNS Query Server and DNS ... DNS server for the internal addresses. ... I also have setup IP Packet filter rules to allow DNS query and domain ... (microsoft.public.isa.publishing)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa  > 2005-12