Re: Basic concept of AD and DNS

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx>
Date: Fri, 18 Nov 2005 08:21:15 -0000

> yes, i force my router to do nat and let my users join domian in external
> network, i doubt that it is not a reasonable way. as your suggestion,
> should i build up a vpn service in my win2003 AD server, or i could use my
> router instead of win2003 to accept vpn connection instead? (my router
> supports vpn)

Ideally you would use your router or another server - you don't want to use
the DC for this type of stuff.

> i am afraid i missunderstand your meaning, you mean that if external users
> could join to my internal network via vpn, external users can access my
> internal resources just like they are sitting local lan?

Yes. With a VPN tunnel established, it would be a kind of extension of your
LAN.

> since i registered my own down abc.com and the base DNS is pointing to
> this
win2003 AD and DNS (all domain and sub domains are managed this win2003
machine), in case i have build up a record like: www host (A) 202.xx.yy.2
my internal users on 192.168.0.0/24 cannot access to web server, is there
any way to make win2003 dns to response a correct IP address? ex. enquiry
from outside network www.abc.com will be translated to
202.xx.yy.2, but translated to 192.168.0.10 if enquiry from internal
network?

Generally, all you need to do is add a www address into the internal domain.
The www address should be the external address of the web server. If you've
done this already, and the IP address is correct, you might have a routing
problem. Can you contact the web server via IP address? Can you telnet
onto the web server's IP address using port 80?

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

.

Follow-Ups:
- Re: Basic concept of AD and DNS
  - From: mactable

References:
- Basic concept of AD and DNS
  - From: mactable
- Re: Basic concept of AD and DNS
  - From: Paul Williams [MVP]
- Re: Basic concept of AD and DNS
  - From: mactable

Prev by Date: Re: Basic concept of AD and DNS
Next by Date: Re: Windows 2000 account limitations
Previous by thread: Re: Basic concept of AD and DNS
Next by thread: Re: Basic concept of AD and DNS
Index(es):
- Date
- Thread

Relevant Pages

Re: Windows XP Networking Question (with Linksys Home VPN Router)
... You bought one router. ... to share this router in a wireless network? ... you don't need to be thinking of VPN - you can be all on the same ... and the other's set up 'outgoing connections' to connect to it. ...
(microsoft.public.isa.vpn)
VPN Suddenly Stopped Working
... I support a small nonprofit with a small network. ... computer running Win XP, which uses Windows Firewall; ... They don't use VPN ... LinkSys are a LinkSys VoIP router and a NetGear 8 port Ethernet switch. ...
(microsoft.public.windows.server.networking)
Re: VPN Question
... the laptop I'm using as the VPN client is sitting ... internal router and DHCP is handled by the SBS server. ... The SBS network is domain B. ...
(microsoft.public.windows.server.sbs)
Re: VPN Help...
... Can you connect to the VPN server from a remote location using WiFi versus your BT phone and ... > Proxy settings are clear apart from This network connects to the internet. ... > advanced settings here are use server assigned ip address, use slip is NOT selected, but the other ... >> You can test PPTP VPN through your router from a laptop/remote PC... ...
(microsoft.public.pocketpc)
Re: Win2K3 end point routers on separate Win2K3 networks
... to the Win2K3 VPN router (if and only if that traffic is ... the VPN server as thier default gateway - but I do NOT ... that article were based upon a peer to peer network, ...
(microsoft.public.windows.server.networking)