Re: Internet Down - When VPN Down - [WP]




Ace thanks for your input.

I understand what you say.

Is there a way I can confirm/check that the Internet traffic is not
going via the VPN link while the VPN link is up?






"Ace Fekay [Microsoft Certified Trainer]" wrote:

In news:21B3AA6C-7B84-48CF-A913-CED70522CE12@xxxxxxxxxxxxx,
WildPacket <WildPacket@xxxxxxxxxxxxxxxxxxxxxxxxx>, posted the following:
Gentlemen, first let me thank you for your valuable advice.

@DannyS: Gateway is there in the DHCP Scope, I just forgot to
mention here, Sorry about that.

@PhilipW: Should I put my ISP's DNS in the field where it says ...All
Other DNS Domains? I will remove the IPs from Selected Domains
once you confirm.

ADSites Services is set up accordingly .....no issues there.

On this DC in question, on TCP/IP properties, I had the SDNS set as the
DNS in the Headoffice; I removed that too upon your suggestion.

@AceF: We are having issues with our VPN link at the HeadOffice; we
are working with the ISP. It's been intermittent for the past few
months. Our Firewall team looks at that; we use Juniper hardware for
Firewall purposes.

When the link in headoffice goes down the users in this remote site
cannot even browse the internet. When I tested this site with my
current settings it worked but now like you guys suggested I will
change the settings and read up a bit more on this DNS and see how it
goes.

Advise further please.

Thank you.

That explains why you can't get internet access. All traffic is going
through the VPN. The only real way around that is to make sure the line and
VPN stay up.

As for SDNS, I'm not sure I know what that is, unless I missed something in
this thread? I would just leave itself as the first entry, and you can
either leave the second one blank, or set the headquarters DNS. Either way,
make sure at least itself is first.

All other domains is fine for the ISP forwarder.

But the main issue appears to be your ISP. Juniper, Cisco, Netscreen,
Nortels, etc, are pretty reliable, but they are only as reliable as the ISP
line being up.

Ace
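
One way to check what the thread asks (whether Internet-bound traffic from the remote site crosses the VPN), as an added example that is not part of the original posts: parse `tracert -d` output and flag any hop inside the head-office address space. The function names, the 10.10.0.0/16 head-office range and every address in the sample traces are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed samples of Windows `tracert -d` output; all addresses are made up.
SAMPLE_VIA_VPN = """
Tracing route to 203.0.113.80 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.20.1
  2    24 ms    23 ms    25 ms  10.10.0.1
  3     *        *        *     Request timed out.
  4    31 ms    30 ms    32 ms  203.0.113.80

Trace complete.
"""

SAMPLE_LOCAL_BREAKOUT = """
Tracing route to 203.0.113.80 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.20.1
  2     9 ms     8 ms     9 ms  198.51.100.1
  3    12 ms    11 ms    12 ms  203.0.113.80

Trace complete.
"""

# A hop line starts with the hop number and ends with an IPv4 address
# (optionally inside [..] when tracert also printed a host name).
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

def parse_hops(trace_text):
    """Return [(hop_number, ip_address)] for hops that answered."""
    hops = []
    for line in trace_text.splitlines():
        m = HOP_RE.match(line)
        if m:  # timed-out hops and header lines do not match
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(2))))
    return hops

def hops_inside(trace_text, networks):
    """Return hops whose address falls in any of the given networks."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [(n, str(ip)) for n, ip in parse_hops(trace_text)
            if any(ip in net for net in nets)]

if __name__ == "__main__":
    hq = ["10.10.0.0/16"]  # assumed head-office range
    print("via VPN sample:", hops_inside(SAMPLE_VIA_VPN, hq))
    print("local breakout sample:", hops_inside(SAMPLE_LOCAL_BREAKOUT, hq))
```

An empty result only means no responding hop fell in the listed ranges; a device that does not answer or does not decrement TTL will not show up in the trace.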

