Re: Public/Private DNS resolution over VPN
- From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
- Date: Sat, 16 Jul 2005 02:18:03 -0400
In news:7A5FBCEF-1BC1-4208-B3AA-AC48BC22668B@xxxxxxxxxxxxx,
RichWhit <RichWhit@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I then commented
on below:
> I have a private NAT internal network with private internal DNS
> server and I have a public DNS hosted for my publicly available
> servers and services. When some users connect to the private internal
> network using Microsoft VPN client, they are not able to get the
> private internal IP address of any publicly available resource.
> Because the internal network does not know how to route public IP
> addresses, these users are not able to connect to the Exchange server
> or internal web sites. Does anyone have a suggestion as to how to
> resolve this issue? This is only an issue for some users. The
> clients are configured with default VPN settings that stipulate to
> use the local default gateway. If the address is not listed in the
> public DNS, then the private DNS address is resolved from the
> internal DNS server.
Curious, Rich, what is the internal private range? Is it 192.168.0.0/24?
The reason I ask is that, in most cases, the same internal/external zone
name (split-brain, split-zone, among the many names for it) will usually
just work with VPNs. The Microsoft VPN client, as well as vendor-specific
clients, will use the VPN connection as the default connection, thus using
the DHCP-assigned IP and options (DNS, WINS, etc.) for connectivity. If the
private addresses are in the private server, it will resolve to that first
and will attempt to connect to that first.
My main client is set up that way. It was done prior to my involvement,
otherwise I would have chosen a subdomain namespace for the AD zone, such as
corp.domain.com.
One problem I've seen is when the internal IP range is the one mentioned
above, and the user's system they are connecting from at home is of the same
subnet behind their own little NAT device. This will cause major problems
with resolution.
Another method I've seen to combat similar VPN issues is to create a batch
file to populate their hosts files with the pertinent DC and OWA names and
IPs.
If it is just happening on "some" users, the first thing I would look at is
whether their IP range at home is the same as the corp network.
--
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
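The check suggested in the reply above (is the home subnet the same as the corporate range?), as an added example that is not part of the original post. It parses `ipconfig`-style text and flags non-VPN adapters whose subnet overlaps the corporate network; the sample output, the adapter names and the corporate range 192.168.0.0/24 are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig` output from a home PC with the VPN connected.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.0.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

PPP adapter Corp VPN:

   IP Address. . . . . . . . . . . . : 192.168.0.140
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 192.168.0.140
"""

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s+(IP(?:v4)? Address|Subnet Mask)[ .]*:\s*([\d.]+)")

def adapter_networks(ipconfig_text):
    """Return {adapter name: IPv4Network} parsed from ipconfig-style text."""
    nets, name, addr = {}, None, None
    for line in ipconfig_text.splitlines():
        header = HEADER.match(line)
        if header:
            name, addr = header.group(1), None  # new adapter section
            continue
        field = FIELD.match(line)
        if not field or name is None:
            continue
        if field.group(1) == "Subnet Mask":
            if addr:  # address + mask together give the on-link subnet
                nets[name] = ipaddress.ip_network(
                    f"{addr}/{field.group(2)}", strict=False)
        else:
            addr = field.group(2)
    return nets

def overlapping_adapters(ipconfig_text, corp_net, vpn_adapter):
    """List non-VPN adapters whose subnet overlaps the corporate range."""
    corp = ipaddress.ip_network(corp_net)
    return sorted(
        name for name, net in adapter_networks(ipconfig_text).items()
        if name != vpn_adapter and net.overlaps(corp)
    )
```

Calling `overlapping_adapters(SAMPLE_IPCONFIG, "192.168.0.0/24", "PPP adapter Corp VPN")` on the sample reports the home Ethernet adapter, which is the situation described for the affected users.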