Re: Help With DNS Through VPN
- From: "Ding Bat" <billyg1943@xxxxxxxxxxx>
- Date: Wed, 7 Dec 2005 16:19:48 +1000
Thanks, Virgil.
Sorry about the scope change, but this is really one of the goals I was
trying to achieve in the first place (use the LAN remotely as though you
were there). Thanks for seeing this through. FWIW, I have learned heaps
along the way :-) Topology 1; me 0. I won't be able to rejig this any time
soon and will be eating a bit of the old humble pie since I told my client
the Cisco 837 was the answer to his prayers. It would have been without ISA
and 2 NICs! I'm guessing you'd go the other way: toss the Cisco and use
3 NICs + ISA for industrial-strength firewalling/proxy/DMZ. I'm guessing I
will too for my next project.
Cheers,
Bill
"ZVR" <nospamever@xxxxxx> wrote in message
news:GfadnZeCVpS_6AvenZ2dnUVZ_tydnZ2d@xxxxxxxxxxxxx
>
> No that's not why it fails. And this is completely different from a simple
> DNS query. You are trying to work as you were in the LAN. In order for
> Windows Networking to work like that you need a whole lot of things to
> happen first, which in your case don't happen and never will - read on for
> details.
>
>> Worse, I can't ping anything on that network either. Is this because of
>> NAT between the external and internal interfaces?
>
> Yes.
>
> But you do get the IP correctly from the FQDN. All this while using the
> external SBS IP as your DNS server in INetQuery, correct? If yes then we
> got past the initial problem of making the DNS server on the external SBS
> NIC available to VPN clients. Similarly if you ping the FQDN of one of the
> hosts on the internal LAN you will see it's being resolved correctly, but
> PING doesn't go through - because of NAT and your entire topology.
>
Only the server FQDN will resolve (to the external interface of the server),
no other hosts will resolve.
> Now on to the "real" issue here which is the fact that you don't have
> communication between the Cisco VPN clients and your ISA server. I am
> sorry to tell you that you will never be able to do this with ISA2000,
> unless you create a separate network between your Cisco VPN server and a
> 3rd NIC on the SBS machine configured as a DMZ network. This is probably
> too complicated anyway so if I were you I would do one of two things:
> -Either configure ISA as the VPN server and log on directly to ISA; then
> remote clients will have no problem connecting to the internal LAN. This
> would be my preferred method. Most likely you would have to start using
> the Microsoft VPN client though; it can also be done with the Cisco VPN
> client but it is very complicated and unreliable in my experience.
> -Or, bring ISA in the front, as your "edge" device with a public IP and
> direct connection to Internet, and place the "internal" interface of your
> Cisco VPN concentrator on the LAN, so that when remote clients log on to
> the VPN provided by Cisco, they are "on the LAN" already.
>
> Other than that... not much to do. Keyword here is topology re-design...
> there's really no workaround to that.
>
> Good luck,
> Virgil
>
>