Re: DNS While PPTP / IPSec VPN is open
- From: v-gzwang@xxxxxxxxxxxxxxxxxxxx (Guozhen Wang[MSFT])
- Date: Mon, 02 Jun 2008 10:29:59 GMT
Hello Juha,
Thank you for your post and thanks for Joe's great help.
My name is Gary Wang, and it is my pleasure to work with you on this issue!
Please allow me to confirm that my understanding is correct. As I
understand it, the issue is:
You have set IPSec VPN between SBS server and a remote hardware firewall,
then the remote client who is using Windows VPN to establish connection
with SBS server cannot have internet access.
If I have misunderstood your concerns please feel free to let me know.
Also, I am not quite sure whether your issue had been resolved or not.
However, if you have any further issue, please feel free to post here, I
will be happy to provide assistance.
And if the problem still persists, please help to confirm the following
information:
1. Do you install ISA server 2004 on SBS?
2. How do you establish VPN to hardware firewall? Is it site-to-site VPN?
3. Why do you need PPTP VPN after the IPSec VPN?
You may like to refer to the following document to ensure that your
configuration of IPSec VPN is correct:
Configuring IPSec Site-to-Site Connections Between ISA Server 2004 and
Third-Party Gateways
http://technet.microsoft.com/en-us/library/cc302468.aspx
I look forward to your reply. Also, if you have any questions or concerns,
please do not hesitate to let me know. I am happy to help. :-)
Thank you for your time and cooperation!
Best regards,
Gary Wang(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
--------------------
| From: =?Utf-8?B?SnVoYQ==?= <Juha@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: DNS While PPTP / IPSec VPN is open
| Date: Mon, 2 Jun 2008 02:21:00 -0700
|
| Hi Joe
|
| Thanks for your answer. I just tested it and it works fine!
|
| Juha
|
| ===========
| "Joe" wrote:
|
| > Juha wrote:
| > > Hi you all
| > >
| > > This has bothered me a long time. I typically configure Remote Access to SBS
| > > files by:
| > >
| > > 1. First connecting a SW IPSec VPN to HW FW.
| > > 2. After connected I start PPTP Windows VPN to login to SBS server.
| > >
| > > The problem:
| > >
| > > Usually IE works fine after the IPSec VPN establishment, but after Win PPTP
| > > VPN it doesn't work. It might work if the remote user and the SBS network has
| > > same ISP but if not, the IE doesn't work. I usually configure the FW to
| > > provide DHCP and SBS server to provide DNS.
| > >
| > Any machine using SBS services must use only the SBS as DNS server. This
| > is not negotiable. When a PPP link to the SBS is made (PPTP VPN) then
| > the SBS must be named as DNS server for the link, and this takes
| > priority over whatever DNS server was previously in use on the remote
| > client.
| >
| > So what goes wrong then? The SBS must function as a standard Internet
| > DNS server, or its LAN users would have problems. For Internet use,
| > which DNS server you use shouldn't matter. Your remote client should get
| > DNS information from the SBS which is exactly the same as your ISP's DNS
| > server would provide. You don't get different Internet DNS information
| > from different servers.
| >
| > > Any ideas where to place forwarders or what?.
| >
| > You specify forwarders in the CEICW wizard. This is where the SBS will
| > get its external DNS information. Or you can leave them blank, in which
| > case the SBS will start from the Root Servers and query remote DNS
| > servers itself. SBS has a full-function DNS client-server, not just a cache.
| >
| > > By placing remote workers
| > > ISP's DNS to Win DNS server (forwarders) doesn't help. My remote workers will
| > > use VPN via several ISPs.
| > >
| >
| > Again, that really does not matter. While you can often only get access
| > to an ISP's DNS servers while connected to that ISP, that doesn't matter
| > here, as the remote clients will all use the SBS while connected to it.
| >
| > The clients will only have trouble if the SBS DNS system is not running
| > correctly. You need to make sure that the SBS only uses itself as DNS
| > server. If you run ipconfig /all from a command window on the SBS, it
| > must name only itself as DNS server. All the LAN machines must also show
| > only the SBS as DNS server. While the PPTP VPN is open, the same command
| > on the remote client should show only the SBS as DNS server for the PPP
| > adaptor.
| >
|
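
The `ipconfig /all` check Joe describes, as an added example that is not part of the original thread: it parses saved `ipconfig /all` output (including multi-line DNS server lists) and reports any adapter whose DNS servers are not exactly the SBS. The sample output, the address 192.168.16.2 for the SBS, the connection name "SBS VPN" and the function names are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output from a remote client with the
# PPTP VPN open. All addresses and connection names are made up.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : isp.example
   IP Address. . . . . . . . . . . . : 192.168.1.50
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54

PPP adapter SBS VPN:

   IP Address. . . . . . . . . . . . : 192.168.16.120
   DNS Servers . . . . . . . . . . . : 192.168.16.2
"""

ADAPTER = re.compile(r"^(\S.*adapter .*):\s*$")
# Field lines look like "Label . . . : value"; requiring a space or dot before
# the colon keeps IPv6 continuation lines from being mistaken for fields.
FIELD = re.compile(r"^\s+(.+?)[ .]+:\s*(.*)$")

def dns_by_adapter(text):
    """Map adapter heading -> list of DNS servers, including continuation lines."""
    result, current, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current, in_dns = m.group(1), False
            result[current] = []
            continue
        if current is None or not line.strip():
            in_dns = False
            continue
        f = FIELD.match(line)
        if f:
            in_dns = f.group(1).startswith("DNS Servers")
            if in_dns and f.group(2):
                result[current].append(f.group(2).strip())
        elif in_dns:  # extra servers are listed on indented lines with no label
            result[current].append(line.strip())
    return result

def adapters_not_using_only(text, sbs_ip, kind=""):
    """Adapters (filtered by heading prefix, e.g. "PPP") whose DNS list is not exactly [sbs_ip]."""
    return {name: dns for name, dns in dns_by_adapter(text).items()
            if name.startswith(kind) and dns != [sbs_ip]}
```

On the remote client, call it with `kind="PPP"` while the VPN is open; on the SBS and LAN machines, leave `kind` empty so every adapter is checked.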