Re: Help With DNS Through VPN



Thanks again Virgil. You're correct that I am new to ISA, and isn't it a
HUGE beast? I will check out the references and let you know how I go.
Cheers, Bill.
"ZVR" <nospamever@xxxxxx> wrote in message
news:raWdnet8IvI6vQjeRVn-rw@xxxxxxxxxxxxx
> Answering both your posts here:
>
> 1. No, the pre-defined DNS lookup filter is used to allow DNS queries FROM
> the ISA server - not TO. You need to allow DNS queries TO ISA - not the
> other way around. That would be done with a custom packet filter for
> TCP/UDP port 53.
>
> 2. You don't need to restart ISA for new packet filters to take effect.
> (Actually, ISA will prompt you to restart the services every time there is
> a need for that). You do need to wait for a certain amount of time
> though - these changes are not instantaneous, but you should be able to
> see the results in about one minute, at most.
>
> 3. For the actual procedure (creating the packet filter) to enable access
> to your DNS server on the ISA2000 machine, see this excellent article by
> Tom Shinder:
> http://www.isaserver.org/articles/Running_a_DNS_Server_on_the_ISA_Server.html
>
> Specifically, see the section right after the "ISA Server Alert" note
> towards the end of the article.
>
> Important to note that Tom Shinder's article also explains how to achieve
> the same result by using server publishing (which is also more secure)
> instead of packet filtering, but that is a more complex setup and if
> you're new to ISA I think the packet filtering concept is easier to grasp.
> If you feel so inclined I guess you can go through the entire article, or
> you can jump directly to the section I mentioned. Good luck anyway and let
> us know how it goes.
>
> Virgil
>
>
>
>
> "Bill" <billyg1943@xxxxxxxxxxx> wrote in message
> news:u2MJH3f%23FHA.3852@xxxxxxxxxxxxxxxxxxxxxxx
>> OK. Virgil. I created a packet filter as you described, but still no
>> joy. Are these changes dynamic or does something need to be restarted?
>> Do I need to create two filters: one for queries and one for zone
>> transfers? Some of the options in the create filter dialog confused me a
>> bit.
>>
>> "ZVR" <nospamever@xxxxxx> wrote in message
>> news:y_-dnQZr6dCNTQnenZ2dnUVZ_tidnZ2d@xxxxxxxxxxxxx
>>> First of all your setup is clear now. Thanks for providing the
>>> additional info - without that these exercises become overly complicated
>>> sometimes.
>>>
>>>> Must be routing everything but DNS queries. Port 53 UDP/TCP is open on
>>>> the ISA firewall OK.
>>>
>>> How do you mean? With ISA2000 you need to create a packet filter
>>> allowing access to the external interface for DNS traffic (incoming 53
>>> UDP for queries, incoming 53 TCP for zone transfers). This is what you
>>> did?
>>>
>>> And, you do NOT have a routing issue as proven by the fact that you can
>>> "touch" the SBS external NIC for your RDP connections.
>>> protocol.
>>>
>>>>>> The client gets the correct IP address of the DNS server but it
>>>>>> doesn't work
>>>
>>> So in this case that would be the external IP address of the SBS box.
>>> That is where your DNS server resides I understand (and then you need
>>> the packet filter as described above). If however you're talking about a
>>> DNS server _behind_ your SBS (on the internal LAN) then you need a
>>> server publishing rule instead, which would forward traffic to the
>>> internal DNS server as it arrives at the external SBS NIC.
>>>
>>>
>>> Virgil
>>>
>>>
>>
>>
>
>
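
A way to confirm from the VPN client that the port 53 packet filter discussed in this thread has taken effect, as an added example that is not part of the original posts: it sends one ordinary DNS query over UDP 53 and again over TCP 53 (the transport zone transfers use) and reports which transport gets a valid reply. The server address and query name are placeholders, and the function names are this example's own.

```python
import socket
import struct

def build_query(name, qid=0x1234, qtype=1):
    """Build a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg, qid):
    """Return (is_valid_response, rcode, answer_count) for a raw DNS message."""
    if len(msg) < 12:
        return (False, None, 0)
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    ok = rid == qid and bool(flags & 0x8000)  # ID matches and QR (response) bit set
    return (ok, flags & 0x000F, an)

def probe_udp(server, query, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recvfrom(4096)[0]

def probe_tcp(server, query, timeout=3.0):
    with socket.create_connection((server, 53), timeout=timeout) as s, s.makefile("rb") as f:
        s.sendall(struct.pack("!H", len(query)) + query)  # DNS over TCP: 2-byte length prefix
        (length,) = struct.unpack("!H", f.read(2))
        return f.read(length)

def check(server, name):
    """Probe both transports; a timeout or refusal means traffic is not getting through."""
    query = build_query(name)
    results = {}
    for label, probe in (("udp/53", probe_udp), ("tcp/53", probe_tcp)):
        try:
            ok, rcode, an = parse_header(probe(server, query), 0x1234)
            results[label] = f"answered rcode={rcode} answers={an}" if ok else "bad reply"
        except (OSError, struct.error) as exc:
            results[label] = f"no answer ({exc.__class__.__name__})"
    return results

if __name__ == "__main__":
    # 192.0.2.10 and example.com are placeholders (assumptions), not values from the thread.
    for transport, outcome in check("192.0.2.10", "example.com").items():
        print(transport, outcome)
```

Since the thread notes that filter changes can take up to about a minute to apply, rerun the check after that interval before concluding the filter is wrong.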

