VPN Client Name Resolution

  • Thread starter: Jason E

Jason E

We have an Intranet we would like to make available over
the Internet.
We want to be able to design the Intranet site so it uses
names resolvable internally by our dns to LAN ips, and
externally to public IPs. E.g. data.company.com when
connected to the LAN resolves to a 192.168.1.x and the
same name resolves to 67.153.212.x when accessed from the
Internet.
This setup works fine until my VPN clients come into the
mix. They try to resolve the name to the external
address, but I need them to resolve it to the internal
address in order to access the resources through the vpn
tunnel.
The VPN tunnels terminate at a RRAS server, not a multi-
homed VPN server. The whole shebang is behind a 3rd party
firewall.

Suggestions?
Thanks!
Jason E
 
When the remote clients connect, they should receive the DNS server
address as part of the connection process. This should be the DNS address
configured on the RRAS server, which should be your internal DNS server. So
the remote clients should be using the same DNS server as the LAN clients
when they are connected to the intranet by VPN. Do you have the remote
clients configured to obtain the name server automatically in their
connection properties?
 
Yes, the vpn/ras clients get a dhcp assigned ip address,
dns address, etc. It appears, however, that this may not
be the "preferred" route for resolving these names.

We have two zones in our AD integrated DNS; one is for
the "internal only" domain and one is for the
second "company.org" domain that has addresses that
resolve on the Internet.

Jason
 
You need to have a look at split horizon DNS, or post your problem
in the DNS newsgroup. Your internal (and VPN) clients should only see the
zone with internal IPs, and external clients should only see the zone with
public IPs.
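
One way to confirm which split-horizon view a client actually receives, as an added example that is not part of the original thread: it classifies the addresses a name resolves to and compares them with the view expected for a LAN, VPN or Internet client. The function names are hypothetical, and 192.168.1.10 and 203.0.113.10 are constructed stand-ins for the thread's internal and public ranges.

```python
import ipaddress
import socket
import sys

# RFC 1918 ranges: what the internal zone should hand out.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# LAN and VPN clients should see internal addresses, Internet clients public ones.
EXPECTED = {"lan": "internal", "vpn": "internal", "internet": "external"}


def classify(addresses):
    """Return 'internal', 'external', 'mixed' or 'none' for a list of IPs."""
    kinds = {any(ipaddress.ip_address(a) in net for net in RFC1918)
             for a in addresses}
    if not kinds:
        return "none"
    if len(kinds) == 2:
        return "mixed"  # one answer contains both internal and public addresses
    return "internal" if kinds.pop() else "external"


def check_view(vantage, addresses):
    """Return (ok, detail) for answers seen from 'lan', 'vpn' or 'internet'."""
    got, wanted = classify(addresses), EXPECTED[vantage]
    return got == wanted, f"{vantage}: got {got} view, expected {wanted}"


def resolve(name):
    """Ask the OS resolver, i.e. whichever DNS server this client prefers."""
    infos = socket.getaddrinfo(name, None, family=socket.AF_INET)
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. check.py vpn data.company.com
        ok, detail = check_view(sys.argv[1], resolve(sys.argv[2]))
        print("OK  " if ok else "FAIL", detail)
    else:
        # Constructed answers: the last one is the VPN symptom from the thread.
        samples = [("lan", ["192.168.1.10"]), ("internet", ["203.0.113.10"]),
                   ("vpn", ["203.0.113.10"])]
        for vantage, answers in samples:
            ok, detail = check_view(vantage, answers)
            print("OK  " if ok else "FAIL", detail)
```

Run on a VPN client with the tunnel up, a FAIL for `vpn` means the client is still resolving the name through a DNS server that serves the public zone.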
 