Re: DNS for AD in VPN/DMZ

From: sheaff (sheaff_at_discussions.microsoft.com)
Date: 07/07/04


Date: Tue, 6 Jul 2004 19:35:01 -0700

Thanks guys!

I may have been a little unclear, but I think Kevin understood the question.
The VPN network is secure; we use a Cisco concentrator and the clients use Cisco VPN client.

We only allow hosts that authenticate in. We only allow certain hosts to be seen by the VPN clients. All the mapping is accomplished with a Cisco PIX firewall.

Kevin has me on the correct track, and I think this will be the easiest and the optimal thing to do.

Thank you for all of your input.

If I have drastic changes, which is unlikely, it can be redone (new DCs, etc.); it is OK.
I also do not mind manually putting in some host records.
This looks like it will be much easier than I thought.
Some things are so automated today, it seems to make things more difficult.

"Ace Fekay [MVP]" wrote:

> In news:858D7427-0C07-49D4-ABC1-F39C8FA3D477@microsoft.com,
> sheaff <sheaff@discussions.microsoft.com> asked for help and I offered my
> suggestions below:
> > Hello,
> > I want to configure a DNS server so users can log on to domain (win2k)
> > through Cisco VPN client.
> >
> > I do not want to put a DC in the DMZ. I would like to put a DNS
> > server with server records in this zone.
> >
> > Anyone done this or know of any good resources to find?
> > Challenges include that it is a different network with different IP
> > addressing.
> > Security to me is a huge concern.
> >
> > Bill
>
> I believe Kevin mentioned to create a secondary on your DMZ DNS of your
> internal AD domain zone. This way the clients can access the internal subnet
> and domain. But you need to make sure you have network connectivity from the
> DMZ to the internal subnet, assuming you already have that.
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --