Re: Help With DNS Through VPN



Answering both your posts here:

1. No, the pre-defined DNS lookup filter is used to allow DNS queries FROM
the ISA server - not TO. You need to allow DNS queries TO ISA - not the
other way around. That would be done with a custom packet filter for TCP/UDP
port 53.

2. You don't need to restart ISA for new packet filters to take effect.
(Actually, ISA will prompt you to restart the services every time there is a
need for that). You do need to wait for a certain amount of time though -
these changes are not instantaneous, but you should be able to see the
results in about one minute, at most.

3. For the actual procedure (creating the packet filter) to enable access to
your DNS server on the ISA2000 machine, see this excellent article by Tom
Shinder:
http://www.isaserver.org/articles/Running_a_DNS_Server_on_the_ISA_Server.html

Specifically, see the section right after the "ISA Server Alert" note
towards the end of the article.

It is important to note that Tom Shinder's article also explains how to achieve
the same result by using server publishing (which is also more secure)
instead of packet filtering, but that is a more complex setup and if you're
new to ISA I think the packet filtering concept is easier to grasp. If you
feel so inclined I guess you can go through the entire article, or you can
jump directly to the section I mentioned. Good luck anyway and let us know
how it goes.

Virgil




"Bill" <billyg1943@xxxxxxxxxxx> wrote in message
news:u2MJH3f%23FHA.3852@xxxxxxxxxxxxxxxxxxxxxxx
> OK. Virgil. I created a packet filter as you described, but still no joy.
> Are these changes dynamic or does something need to be restarted? Do I
> need to create two filters: one for queries and one for zone transfers?
> Some of the options in the create filter dialog confused me a bit.
>
> "ZVR" <nospamever@xxxxxx> wrote in message
> news:y_-dnQZr6dCNTQnenZ2dnUVZ_tidnZ2d@xxxxxxxxxxxxx
>> First of all your setup is clear now. Thanks for providing the additional
>> info - without that these exercises become overly complicated sometimes.
>>
>>> Must be routing everything but DNS queries. Port 53 UDP/TCP is open on
>>> the ISA firewall OK.
>>
>> How do you mean? With ISA2000 you need to create a packet filter allowing
>> access to the external interface for DNS traffic (incoming 53 UDP for
>> queries, incoming 53 TCP for zone transfers). This is what you did?
>>
>> And, you do NOT have a routing issue as proven by the fact that you can
>> "touch" the SBS external NIC for your RDP connections.
>> protocol.
>>
>>>>> The client gets the correct IP address of the DNS server but it
>>>>> doesn't work
>>
>> So in this case that would be the external IP address of the SBS box.
>> That is where your DNS server resides I understand (and then you need the
>> packet filter as described above). If however you're talking about a DNS
>> server _behind_ your SBS (on the internal LAN) then you need a server
>> publishing rule instead, which would forward traffic to the internal DNS
>> server as it arrives at the external SBS NIC.
>>
>>
>> Virgil
>>
>>
>
>
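
An added check, not part of the original thread: a small Python probe that sends one DNS query over UDP 53 and one over TCP 53, so you can see which of the two packet filters discussed above is actually passing traffic. The server address and host name are placeholders (assumptions); substitute the external IP of the ISA/SBS box and a name its DNS server hosts.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction ID, enough for a one-shot probe

def build_query(name, qtype=1):
    """Minimal RFC 1035 query: one question, class IN, recursion desired."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(part)]) + part.encode("ascii") for part in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def response_rcode(msg):
    """Return the RCODE if msg is a response to our query, else None."""
    if len(msg) < 12:
        return None
    txid, flags = struct.unpack("!HH", msg[:4])
    if txid != TXID or not flags & 0x8000:  # wrong ID, or QR bit clear
        return None
    return flags & 0x000F  # 0 = NOERROR, 3 = NXDOMAIN, 5 = REFUSED

def probe_udp(server, name, port=53, timeout=3.0):
    """53/UDP carries ordinary queries. None means no usable answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            data, _ = s.recvfrom(4096)
        except OSError:  # timed out (filtered) or ICMP port unreachable
            return None
    return response_rcode(data)

def probe_tcp(server, name, port=53, timeout=3.0):
    """53/TCP carries zone transfers; messages have a 2-byte length prefix."""
    query = build_query(name)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s, \
                s.makefile("rb") as reply:
            s.sendall(struct.pack("!H", len(query)) + query)
            size = reply.read(2)
            data = reply.read(struct.unpack("!H", size)[0]) if len(size) == 2 else b""
    except OSError:  # refused, timed out, or reset by the firewall
        return None
    return response_rcode(data)

if __name__ == "__main__":
    for label, probe in (("UDP", probe_udp), ("TCP", probe_tcp)):
        # 192.0.2.10 and host.example.test are placeholders, not from the thread
        print(f"53/{label} rcode:", probe("192.0.2.10", "host.example.test"))
```

Run it from the VPN client about a minute after changing a filter. `None` on one transport and a numeric rcode on the other points at the filter for the transport that failed.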

