Re: DNS not resolving correctly on VPN

We don't have AD. Our network is basically a peer-2-peer network at this
time where all tcp info comes from dhcp. We don't have logon domains and the
"logon to domain" option under VPN properties is unchecked. our DHCP server
is linux based sending:

option subnet-mask 255.255.255.0;
option domain-name "initialplants.com";
option domain-name-servers [DNSserver];
option time-servers [timeserver];
option routers [firewallIP]

Nothing fancy, very simple. All IPs are internal.

When they log in via VPN, we pass the same DNS server (internal ip). What's
strange is that ipconfig shows only 1 DNS server: the internal one. I even
tried to specify the DNS server under the connection advanced properties.

As far as email goes, we don't use Exchange; we use Imail and yes they are
using a POP3 account. Most of our users use the web interface when their
laptop is at the shop or they're having issues with vpn or the email client.
I wish they could use IMAP to resolve other issues like big folder files but
that's just a wish at this time.

I will work with one of this machines today and post back.
thanks Ace
--
===============================
Elliott Bujan
Initial Tropical Plants - USA



"Ace Fekay [MVP]" wrote:

> In news:C645C57C-3058-4590-A9DD-F827A79B8465@xxxxxxxxxxxxx,
> Plantguy <Plantguy@xxxxxxxxxxxxxxxxxxxxxxxxx> made this post, which I then
> commented about below:
> > Some users have been unable to send messages because the machine,
> > running xp or 2000, resolves to the wrong ip address
> > Our remote users dial into our vpn server and they are able to access
> > all of our resources. For email purposes, they have to log in to vpn
> > to send messages because our 3rd party message scanner only accepts
> > connections from our public ip address, nothing else.
> >
> > Now, on some machines, if I type ping smtp.myserver.com, I get our
> > public ip address instead of our internal mail server address, which
> > causes Outlook to error out when sending. it's only a hand full and
> > the workaround is to use the ip address instead of the fqdn. Why is
> > this happening?
> >
> > I tried flushing the cache, reboot the machine, reconnect via vpn.
> > What would it fix this?
> >
> > Thanks a lot for any suggestions
> > Elliott
> > ===============================
> > Elliott Bujan
> > Initial Tropical Plants - USA
>
> If you're getting the public IP on *some* of the machines, it's telling me
> you have your machines configured with a public DNS server and your internal
> DNS server. Assuming you have Active Directory, this is a huge mistake. You
> must only use the internal DNS on ALL machines in the AD domain. I'm
> surprised there aren't any other issues occuring due to this. Make sure all
> machines only use the internal DNS. Check DHCP Option 006 to make sure it
> only shows the internal DNS. When connecting thru a VPN, I'm sure your DHCP
> is supplying the VPN user's IP configuration, including the DNS addresses.
> As long as you have it set to use the internal DNS, there shouldn't be a
> problem.
>
> As for the first paragraph, can I assume you are using Exchange? Why not let
> the users use the OWA from the Internet side? But what I'm assuming based on
> your post, that you are using either OUtlook Express or an Outlook MAPI
> client set for POP3 or IMAP4 and using SMTP to send mail to the mail server.
> Is that true? If not, please elaborate on your mail configuration to better
> understand your setup.
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
> Infinite Diversities in Infinite Combinations.
> =================================
>
>
>
>
>
>
>
.

Relevant Pages

  • Re: Name resolution for VPN Clients
    ... controlled by the ISA when connected by VPN etc. ... intents and purposes the internal DNS server does indeed to be resolving the ... The Internet Device should never be involved in any ... Understanding the ISA 2004 Access Rule Processing ...
    (microsoft.public.isa.vpn)
  • Re: VPN issue
    ... Pointed to the Internal DNS server other than the ISP''s DNS server. ... Log on locally instead of cached credential and then connect using VPN. ... domain users can simply connect to the SBS server only using internet ...
    (microsoft.public.windows.server.sbs)
  • Re: Firewall
    ... >> machines could not resolve domain names, but that they could ping public ... >> appropriate DNS server settings, and that they get replies to DNS ... >server addresses of my cable internet company? ...
    (alt.os.linux.suse)
  • Re: Several policies on the same RADIUS
    ... Also we have configured wireless access, for security we have installed it ... access to internet but only can access to intranet through a VPN connection. ... Also we want to create specific VPN to access specific machines for users ...
    (microsoft.public.internet.radius)
  • Re: Domain workstation cannot see the domain for adding user permi
    ... approach but to instead use ONLY your domain controllers and configure them ... does not go to the other one if the DNS server returns a "not found" ... Now I have internet access via the dsl ... The network has a dsl router which only some machines are allowed to ...
    (microsoft.public.windowsxp.security_admin)