Re: Browsing share on AD slow over VPN


OK. So bottom line is (and yes, of course I am using a different IP range for
VPN Clients - No NAT translation from internal IP to VPN client IP address):

1. Install WINS and change DHCP setting for option 044 and 046
2. Setup WINS address in CISCO PIX515E VPN Pool IP Range
3. Access rules on PIX to allow VPN subnet access to internal subnet (this
would mean what? any traffic coming from outside interface going to inside
network?)

I'll try this out tomorrow.

Thanks.

"Ace Fekay [MCT]" wrote:

"Maki" <Maki@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:914815E1-C78B-422E-BC42-C26061DD8350@xxxxxxxxxxxxxxxx
I've noticed I can only get to verify the user name when mapping network
share if I put IP address of server rather than its host name.
So do I just edit the lmhosts file in c:\windows\system32\drivers\etc
directory and add the line for the server at the remote client machine (so
my machine at home)? Or the server as well?
Find all this a bit confusing as I thought that I can configure the VPN
pool to give out the local DNS server so that machines know how to resolve
names?
If I check the TCP/IP settings on local machine and hit advanced, I got
the DNS and WINS tab. Funny thing is that in DNS tab the server IP is
listed so anything else I need to do?
I have setup split tunneling over the CISCO firewall as I figured the
users would want to still use the internet from local connection? Is this
a problem? Does internal DNS get ignored?
I've also clicked on use local lan access on vpn cisco client program, but
it says disabled - I gather I have to enable this somewhere else on server
or firewall side also for it to work? Lmhosts seems like an answer but it
will I assume take a lot of effort to support all 50-60 users that might
use it...
Does it also mean I have to install WINS service on server?
Seems so much to do!


I wouldn't suggest using LMHOSTS files. There is more than just putting a
name in an lmhosts file, besides its being non-centralized.

I use a Pix 501, 506 and ASA 5505 at various clients with the legacy VPN
client and the newer SSL VPN Client. I use the internal DNS as well, for
when the VPN is connected, the default interface is the VPN interface, so it
will use the internal DNS to access AD and other things internally. I also
have Split Tunneling setup, so if the connected client wants to access the
internet, they use their own gateway instead of the remote network gateway.

It should work setup such as this, however being old school, I use WINS for
NetBIOS name resolution. Yes, it involves installing WINS on a server, (no
changes to DNS settings or zone property settings), but I do change the DHCP
settings for option 044 and 046 so all internal machines get the WINS
address, as well as setting the WINS address in my VPN Pool IP range. And
yes, I use a different IP range for VPN clients, just to keep them
separated, and access rules set to allow the VPN subnet access to the
internal subnet.

If you are having difficulty, and you own a Pix 515, I assume you've
purchased a 24/7 gold support contract. If so, simply put in a TAC request,
and those guys will be more than happy to setup the whole thing for you.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
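
An added example, not part of the thread: a check that the options field of a captured DHCP reply really carries options 044 (WINS/NBNS servers) and 046 (NetBIOS node type) as described above. The function names and the sample addresses are constructed for illustration; the option encoding follows RFC 2132.

```python
import ipaddress

# RFC 2132 codes for the two options named in the thread, plus pad and end.
OPT_PAD, OPT_END = 0, 255
OPT_NBNS = 44        # NetBIOS name servers (WINS): list of IPv4 addresses
OPT_NODE_TYPE = 46   # NetBIOS node type: one byte
NODE_TYPES = {0x1: "B-node", 0x2: "P-node", 0x4: "M-node", 0x8: "H-node"}

def parse_options(raw: bytes) -> dict:
    """Walk the code/length/value options field of a DHCP message."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError(f"option {code} truncated")
        length = raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def wins_settings(raw: bytes) -> dict:
    """Return the WINS servers and node type a lease hands out, plus problems."""
    opts, problems = parse_options(raw), []
    servers, node = [], None
    nbns = opts.get(OPT_NBNS)
    if nbns is None:
        problems.append("option 044 missing: client gets no WINS server")
    elif len(nbns) == 0 or len(nbns) % 4:
        problems.append("option 044 length is not a multiple of 4")
    else:
        servers = [str(ipaddress.IPv4Address(nbns[j:j + 4]))
                   for j in range(0, len(nbns), 4)]
    nt = opts.get(OPT_NODE_TYPE)
    if nt is None:
        problems.append("option 046 missing: node type not set")
    elif len(nt) != 1 or nt[0] not in NODE_TYPES:
        problems.append("option 046 value is not a valid node type")
    else:
        node = NODE_TYPES[nt[0]]
    return {"servers": servers, "node_type": node, "problems": problems}

# Constructed samples: options field of a DHCPACK (option 53 = 5), DNS in option 6.
SAMPLE_ACK = bytes([53, 1, 5, 6, 4, 192, 168, 10, 5,
                    44, 4, 192, 168, 10, 5, 46, 1, 0x08, 255])
SAMPLE_NO_WINS = bytes([53, 1, 5, 6, 4, 192, 168, 10, 5, 255])
```

A lease that passes this check but still fails to resolve short names over the VPN points at the VPN pool's WINS setting or the access rules rather than at DHCP.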


