Re: Help With DNS Through VPN
- From: "ZVR" <nospamever@xxxxxx>
- Date: Wed, 7 Dec 2005 00:35:38 -0500
> What I meant was "merry.christmas" is NOT the name of the DNS/SBS server.
Be that as it is... that is how the DNS server seems to resolve itself. You
probably have a reverse lookup zone on your DNS server that has a PTR record
of "merry.christmas" for the external IP address. Let's forget about this
for now, it's really not that important.
> I mean that if I try to, say, make a Desktop Shortcut on the remote PC to
> \\internal_servername\share_name it fails because I can't resolve any
> hosts on that network.
No, that's not why it fails. And this is completely different from a simple
DNS query. You are trying to work as you were in the LAN. In order for
Windows Networking to work like that you need a whole lot of things to
happen first, which in your case don't happen and never will - read on for
details.
> Worse, I can't ping anything on that network either. Is this because of
> NAT between the external and internal interfaces?
Yes.
>> Finally, what happens if you install INetQuery on a remote PC, connect
>> that PC via VPN, then launch some DNS queries from that PC against the
>> external SBS IP?
>>
> If I try to ping <FQDN> of the DNS/SBS server I get 8 "Host timed out":
> the first one blank and the other seven with DNS server IP and host name.
But you do get the IP correctly from the FQDN. All this while using the
external SBS IP as your DNS server in INetQuery, correct? If yes then we got
past the initial problem of making the DNS server on the external SBS NIC
available to VPN clients. Similarly if you ping the FQDN of one of the hosts
on the internal LAN you will see it's being resolved correctly, but PING
doesn't go through - because of NAT and your entire topology.
Now on to the "real" issue here which is the fact that you don't have
communication between the Cisco VPN clients and your ISA server. I am sorry
to tell you that you will never be able to do this with ISA2000, unless you
create a separate network between your Cisco VPN server and a 3rd NIC on the
SBS machine configured as a DMZ network. This is probably too complicated
anyway so if I were you I would do one of two things:
-Either configure ISA as the VPN server and log on directly to ISA; then
remote clients will have no problem connecting to the internal LAN. This
would be my preferred method. Most likely you would have to start using the
Microsoft VPN client though; it can also be done with the Cisco VPN client
but it is very complicated and unreliable in my experience.
-Or, bring ISA in the front, as your "edge" device with a public IP and
direct connection to Internet, and place the "internal" interface of your
Cisco VPN concentrator on the LAN, so that when remote clients log on to the
VPN provided by Cisco, they are "on the LAN" already.
Other than that... not much to do. Keyword here is topology re-design...
there's really no workaround to that.
Good luck,
Virgil