
Welcome to ISAserver.org


Host Name Resolution - VPN PPTP

Host Name Resolution - VPN PPTP - 3.Dec.2012 9:59:33 AM   
bjuser

 

Posts: 2
Joined: 3.Dec.2012
Status: offline
We are running an ISA 2006 server and PPTP VPN connection works fine. Clients are able to connect to internet, access Outlook, CRM, etc.
The problem we are encountering is that host name resolution is not working.

Example, when connected via VPN I can’t ping any box other than the VPN server by the host name.
I can ping everything fine via IP address. But for clients, they need to be able to access their “mapped” drives over the VPN which all are mapped by host name.

I recently took over this position and it sounds like this used to work. What would be the best place to check first? I haven’t had much exposure to ISA and have been reading up a bit on installation procedures, etc.

DNS is hosted and running on our domain controller, as well as WINS. It isn’t on the ISA box.

Is there a firewall policy that perhaps got removed? What usually is required for host name resolution to pass through?

Any help would be appreciated, thanks!
Post #: 1
RE: Host Name Resolution - VPN PPTP - 3.Jan.2013 11:33:13 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Make sure the VPN Clients are getting the correct DNS and WINS IP#s dynamically after they connect. They need to get the same DNS and WINS off the DCs as any other client on the LAN gets.

You also want the client to have "Use gateway on remote network" enabled in their dialup setting or you may get inconsistent behavior if they try looking at their own ISP's DNS or elsewhere rather than the one you want them to look at while connected.

Lastly,..VPN is just plain and simply an "imperfect world". If you want perfection and consistency,..that's probably never going to happen,..particularly with Remote Access VPN which follows the same general behavior as the old style Dial Up Connection technology. That,..in my opinion, is why VPNs are becoming a thing of the past and being replaced by things such as MS's Direct Access Technology that came out with Server 2008R2 (and enhanced by MS's UAG). The Site-to-Site VPNs are giving way to private MPLS (and similar) systems.

_____________________________

Phillip Windell

(in reply to bjuser)
Post #: 2
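
The check suggested in the reply above, as an added example that is not part of the original posts: it parses `ipconfig /all` output saved from a connected client and compares the VPN adapter's DNS and WINS servers with the ones LAN clients receive. It assumes English-locale labels and a `PPP adapter` section header; the sample output, all addresses and the function names `parse_adapters` and `check_vpn_adapter` are constructed for illustration.

```python
import re

# Constructed `ipconfig /all` excerpt (English locale assumed); all values made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.1

PPP adapter Office VPN:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.0.5.31(Preferred)
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       10.0.0.11
   Primary WINS Server . . . . . . . : 10.0.0.10
"""

# Matches "   Label . . . . : value"; the dot leaders are not part of the label.
FIELD = re.compile(r"^\s+(.+?)[\s.]*\s:\s?(.*)$")

def parse_adapters(text):
    """Return {adapter header: {label: [values]}} (hypothetical helper)."""
    adapters, current, field = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a new section
            current, field = adapters.setdefault(line.rstrip(": "), {}), None
            continue
        m = FIELD.match(line)
        if m:
            field = current.setdefault(m.group(1), [])
            if m.group(2).strip():
                field.append(m.group(2).strip())
        elif field is not None:            # continuation, e.g. a second DNS server
            field.append(line.strip())
    return adapters

def check_vpn_adapter(text, expected_dns, expected_wins):
    """List ways the PPP adapter differs from what LAN clients receive."""
    ppp = [f for n, f in parse_adapters(text).items() if n.startswith("PPP adapter")]
    if not ppp:
        return ["no PPP adapter found"]
    dns = ppp[0].get("DNS Servers", [])
    wins = ppp[0].get("Primary WINS Server", []) + ppp[0].get("Secondary WINS Server", [])
    problems = ["DNS missing: " + s for s in expected_dns if s not in dns]
    problems += ["DNS unexpected: " + s for s in dns if s not in expected_dns]
    if not any(s in wins for s in expected_wins):
        problems.append("WINS not set to an internal server")
    return problems
```

An empty result only shows that the client received the expected servers; it does not show that those servers answer queries arriving from the VPN address range.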
RE: Host Name Resolution - VPN PPTP - 7.Jan.2013 10:25:13 AM   
bjuser

 

Posts: 2
Joined: 3.Dec.2012
Status: offline
Thank you for your reply. I ended up having to bind the WINS server to the internal NIC. And that seemed to do the job. Even though connected clients were already getting correct server information when doing an ipconfig /all.

Yes I agree with you, when it comes to VPN it is like a black box. Hard to troubleshoot.
We are looking at other solutions such as hardware firewalls, Barracuda and UAG.

(in reply to pwindell)
Post #: 3
RE: Host Name Resolution - VPN PPTP - 7.Jan.2013 10:39:14 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Firewalls are just firewalls. There is no functional difference. They all sit on some kind of hardware and they all run some kind of software. However I understand what you are trying to say. But the simpler the device the worse the VPN is to deal with. VPN requires a lot to make it behave properly and simpler devices just cannot do what is required to make VPN behave well. ISA/TMG is probably the best product in existence to make VPN as transparent as possible (yet you'll still fight battles with it).

Anyway, the UAG is probably the best product out there for getting the most out of MS's Direct Access Technology. However it is extremely difficult to get set up. I can not even begin to do it myself, nor help with it. I have pretty much backed out of all that kind of work and abandoned it. I just want to retire and move to a deserted island somewhere :-)

Windows Server 2008R2's "Direct Access" is simpler and already comes as part of the OS for free. I assume the new Windows Server 2012 has improved it even more. But again,..I don't touch it myself,...I only know "of" it,..but not "about" it.

_____________________________

Phillip Windell

(in reply to bjuser)
Post #: 4
