PPTP Name Resolution

[saul]

I setup VPN using PPTP. I used one NIC. Everything works
fine. Except the IP address the server assigs itself is
associated with its name in WINS and DNS. I understand
this may be by design, (or not), but is this going to
cause name reolution issues? Will this conflict with its
static ip name record?

 

[Bill Grant]

Yes, this probably will cause name resolution and browsing problems. See
MS KB 292822 for ways to prevent the extra entries in DNS and WINS.

 

[Thomas W Shinder [MVP]]

Hi Saul,

Check out:

DNS Name Resolution Issues and Solutions for VPN Client/Server and VPN
Gateway to Gateway Connections [6680]
DNS problems constitute the single most common reason for failed access to
resources on VPN client/server and VPN gateway to gateway links. This
document discusses the most common, and most troublesome DNS server and DNS
client troubleshooting issues and how to prevent and fix them.
http://www.tacteam.net/isaserverorg/vpnkitbeta2/dnsvpn.htm

HTH,
--
Tom
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
ISA Server and Beyond Seminars - http://tinyurl.com/9sce
MVP -- ISA Server 2000


: I setup VPN using PPTP. I used one NIC. Everything works
: fine. Except the IP address the server assigs itself is
: associated with its name in WINS and DNS. I understand
: this may be by design, (or not), but is this going to
: cause name reolution issues? Will this conflict with its
: static ip name record?

 

[Bill Grant]

That's very true, Tom. But lots of small offices have just the one
server running everything, and use Network Neighborhood/My network Places
extensively on the LAN.

If they run RRAS as a VPN server on their first/only DC, they run into
a modern version of the old NT multihomed PDC problem, and the LAN machines
can't browse. With DDNS they can strike a similar problem, and the LAN
machines can't find the DNS server.

Bill Grant [MVP - Networking]

 

[Thomas W Shinder [MVP]]

Hi Bill,

The fixes for this problem are covered in the ISA Server 2000 VPN Deployment
Kit document. However, I highly and emphatically recommend against making
the ISA firewall a DC (put your Exchange and DC on the pix or netscreen, if
you want to put it on a firewall)

HTH,
--
Tom
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
ISA Server and Beyond Seminars - http://tinyurl.com/9sce
MVP -- ISA Server 2000


: That's very true, Tom. But lots of small offices have just the one
: server running everything, and use Network Neighborhood/My network Places
: extensively on the LAN.
:
: If they run RRAS as a VPN server on their first/only DC, they run
into
: a modern version of the old NT multihomed PDC problem, and the LAN
machines
: can't browse. With DDNS they can strike a similar problem, and the LAN
: machines can't find the DNS server.
:
: Bill Grant [MVP - Networking]
:
: : > Hi Saul,
: >
: > Check out:
: >
: > DNS Name Resolution Issues and Solutions for VPN Client/Server and VPN
: > Gateway to Gateway Connections [6680]
: > DNS problems constitute the single most common reason for failed access
to
: > resources on VPN client/server and VPN gateway to gateway links. This
: > document discusses the most common, and most troublesome DNS server and
: DNS
: > client troubleshooting issues and how to prevent and fix them.
: > http://www.tacteam.net/isaserverorg/vpnkitbeta2/dnsvpn.htm
: >
: > HTH,
: > --
: > Tom
: > www.isaserver.org/shinder
: > ISA Server and Beyond: http://tinyurl.com/1jq1
: > Configuring ISA Server: http://tinyurl.com/1llp
: > ISA Server and Beyond Seminars - http://tinyurl.com/9sce
: > MVP -- ISA Server 2000
: >
: >
: > : > : I setup VPN using PPTP. I used one NIC. Everything works
: > : fine. Except the IP address the server assigs itself is
: > : associated with its name in WINS and DNS. I understand
: > : this may be by design, (or not), but is this going to
: > : cause name reolution issues? Will this conflict with its
: > : static ip name record?
: >
: >
:
:

 

[Bill Grant]

Again very true. But this is the ras_routing newsgroup. Lots of people
here, and "lurkers" who read this newsgroup, are running simple one-server
networks.

I just wanted to make clear that, in a one server setup, it is not just
the remote client who will have problems if RRAS is enabled for VPN. The
existing browsing and name resolution on the LAN may also be disrupted.

Hi Bill,

The fixes for this problem are covered in the ISA Server 2000 VPN Deployment
Kit document. However, I highly and emphatically recommend against making
the ISA firewall a DC (put your Exchange and DC on the pix or netscreen, if
you want to put it on a firewall)

HTH,
--
Tom
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
ISA Server and Beyond Seminars - http://tinyurl.com/9sce
MVP -- ISA Server 2000


: That's very true, Tom. But lots of small offices have just the one
: server running everything, and use Network Neighborhood/My network Places
: extensively on the LAN.
:
: If they run RRAS as a VPN server on their first/only DC, they run
into
: a modern version of the old NT multihomed PDC problem, and the LAN
machines
: can't browse. With DDNS they can strike a similar problem, and the LAN
: machines can't find the DNS server.
:
: Bill Grant [MVP - Networking]
:
: : > Hi Saul,
: >
: > Check out:
: >
: > DNS Name Resolution Issues and Solutions for VPN Client/Server and VPN
: > Gateway to Gateway Connections [6680]
: > DNS problems constitute the single most common reason for failed access
to
: > resources on VPN client/server and VPN gateway to gateway links. This
: > document discusses the most common, and most troublesome DNS server and
: DNS
: > client troubleshooting issues and how to prevent and fix them.
: > http://www.tacteam.net/isaserverorg/vpnkitbeta2/dnsvpn.htm
: >
: > HTH,
: > --
: > Tom
: > www.isaserver.org/shinder
: > ISA Server and Beyond: http://tinyurl.com/1jq1
: > Configuring ISA Server: http://tinyurl.com/1llp
: > ISA Server and Beyond Seminars - http://tinyurl.com/9sce
: > MVP -- ISA Server 2000
: >
: >
: > : > : I setup VPN using PPTP. I used one NIC. Everything works
: > : fine. Except the IP address the server assigs itself is
: > : associated with its name in WINS and DNS. I understand
: > : this may be by design, (or not), but is this going to
: > : cause name reolution issues? Will this conflict with its
: > : static ip name record?
: >
: >
:
: