Welcome to ISAserver.org

VPN clients can't use internal DNS

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> VPN >> VPN clients can't use internal DNS

Page: [1]

Message

<< Older Topic Newer Topic >>

VPN clients can't use internal DNS - 1.Dec.2006 5:31:42 AM

Zulan

Posts: 39
Joined: 28.Nov.2006
Status: offline

Hello!

I am using ISA 2006. My external interface is using DHCP since my ISP requries this. Beacuse of this, my external interface get's the DNS servers of my ISP. I think this is why my VPN users can't resolve internal DNS. I just get:

Server: internal DNS IP
server can't find "computername": server failed.

I don't know if I can disable dns on the external interface or how this is supposed to be done. I have tried entering the internal DNS IP on the External interface but that didnt help much. Any ideas?

Post #: 1

Featured Links*

RE: VPN clients can't use internal DNS - 7.Dec.2006 7:58:32 PM

tshinder

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Zulan,

Most likely this is a WinXP SP2 bug (which was bugged in Vista too)

You need to configure the client so that the RAS interface it at the top of the interface list and stays there. Stefaan Pouseele wrote something about this on this site.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to Zulan)

Post #: 2

RE: VPN clients can't use internal DNS - 8.Dec.2006 4:54:16 AM

Zulan

Posts: 39
Joined: 28.Nov.2006
Status: offline

Hi Tshinder and thanks for your reply.

Stefaan wronte:

As we already know from the past, manually placing the RRAS adapter to the top of the connections list in the Advanced Settings dialog box of the Network and Dial-up Connections tool does not solve the problem.

______________________

However, he does have a solution explained in this article:

http://www.isaserver.org/tutorials/work-around-VPN-clients-split-DNS.html

Problem is if I understand this rule it means the changes are done on the client wich isn't really preferable if you have alot of clients. I found another on this forum about adding prefixes to the client through CMAK. Works like a charm.

< Message edited by Zulan -- 8.Dec.2006 4:57:09 AM >

(in reply to tshinder)

Post #: 3

RE: VPN clients can't use internal DNS - 8.Dec.2006 6:14:55 PM

Jason Jones

Posts: 2121
Joined: 30.Jul.2002
From: United Kingdom
Status: offline

Yet again CMAK to the rescue, it really is an amazing tool that too few people know about...

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to Zulan)

Post #: 4

RE: VPN clients can't use internal DNS - 9.Dec.2006 5:47:27 AM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Zulan,

for the solution I described in my article http://www.isaserver.org/tutorials/work-around-VPN-clients-split-DNS.html I use also the CMAK to glue all the different pieces together.

HTH,
Stefaan

(in reply to Jason Jones)

Post #: 5

RE: VPN clients can't use internal DNS - 9.Dec.2006 6:22:50 PM

lemmy

Posts: 12
Joined: 6.Mar.2006
Status: offline

Wow great thanks for the article. Now I solved the problem due to we were not able to phone over our vpn with our telephone system.

Juergen

(in reply to spouseele)

Post #: 6

RE: VPN clients can't use internal DNS - 10.Dec.2006 2:34:31 PM

tshinder

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline

Three cheers for Stefaan!!!

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to lemmy)

Post #: 7

RE: VPN clients can't use internal DNS - 10.Dec.2006 5:37:39 PM