Hi Michael, You already have the infrastructure set up for a split DNS, as your internal domain is a subdomain of your external domain. Just mirror your public records on the Internal domain but map them public servers to their Internal addresses. No reason to add new servers. You're not in a pinch like those with .local illegal TLDs, but even in that case, you can create a second domain to support the split DNS and not require additional servers. My only reservation in those circumstances is when they want to host their own public records, and they want to host them on the same machines they use to host their private records. HTH, Tom -----Original Message----- From: Michael Ellis [mailto:isalist@xxxxxxxx] Sent: Tuesday, September 14, 2004 8:15 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003 http://www.ISAserver.org Tom's article is written for the case where you use your public domain name for the internal network as well. In my case we use "pesa.com" for the external domain name and "hsv.pesa.com" for the internal domain. The domain name "hsv.pesa.com" is only used by internal clients - it is not publicly accessible. For name resolution I have internal DNS servers (W2K3) set to resolve *.hsv.pesa.com and to forward anything else to our ISP's DNS servers for resolution. I'm no expert on DNS and would like to know more. Can you point me to a good resource on Windows DNS? It seems that for my case I should be able to use my existing DNS server to redirect *certain* public names to an internal host while allowing other public names to be resolved by the external DNS servers. For example, I host our mail server (mail.pesa.com) but not our web server (www.pesa.com). I would like to redirect internal clients to mailserver.hsv.pesa.com while allowing the www.pesa.com to be resolved externally. How can I do this with my existing DNS server? For that matter, how can I intercept and redirect any arbitrary host name using Win 2K3 DNS? I'm not ignoring the split DNS approach, but I'm running a small network and would not like to deploy additional servers if at all possible. -- Michael Ellis ----- Original Message ----- From: Jim Harrison To: [ISAserver.org Discussion List] Sent: Monday, September 13, 2004 4:15 PM Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003 http://www.ISAserver.org That scenario was never supported anyway. It's the "isotropic IP bounce" technique that causes your ISA to lose its mind over time. Use Tom's split DNS article and your life will be much easier. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ----- Original Message ----- From: "Michael Ellis" <isalist@xxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, September 13, 2004 13:01 Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003 http://www.ISAserver.org Glad to be of service. I more or less stumbled upon the SP2 solution after scouring the MS KB, Googling in vain and asking for suggestions here (no responses were forthcoming). I should also note that applying SP2 "broke" a feature that the good folks here rather bluntly told me not to do. Before SP2 I was able to point an application running on an internal client to the public IP address of a server hosted internally and have ISA loop data back to my server. Alas, this (seemingly unsupported) feature no longer works. Michael Ellis ----- Original Message ----- From: Paul Crisp To: [ISAserver.org Discussion List] Sent: Monday, September 13, 2004 2:44 PM Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003 http://www.ISAserver.org All sorted, thanks again Michael. Seems that SP2 done the trick.............. why oh why don't MS update their knowledge base to include the information about ISA SP2, could have saved me half the day !! Cheers again Paul ----- Original Message ----- From: "Paul Crisp" <PCrisp@xxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, September 13, 2004 3:14 PM Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003 > http://www.ISAserver.org > > Hmmm, first point i have done already. I'll double check that SP2 is > installed and look at the remote access policy. > > Cheers Michael > > ----- Original Message ----- > From: "Michael Ellis" <isalist@xxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Monday, September 13, 2004 2:11 PM > Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003 > > >> http://www.ISAserver.org >> >> Make sure that the ISA machine has been added to the "RAS and IAS >> Servers" >> group, and make sure that ISA server SP2 has been installed. These > two >> items seemed to fix the problem for me. >> >> Also take a look at the Remote Access Policy for your domain. >> >> -- >> Michael Ellis >> >> >> ----- Original Message ----- >> From: Paul Crisp >> To: [ISAserver.org Discussion List] >> Sent: Monday, September 13, 2004 6:31 AM >> Subject: [isalist] RRAS Problems after NT4 Domain Upgrade to 2003 >> >> >> http://www.ISAserver.org >> >> Upgrade our NT4 domain on Friday, went through no problem (pheww). >> Now Monday morning, and finding our VPN users can no longer connect to >> the >> network I'm getting the following error >> >> Error 930: the authentifcation server did not respond to > authentication >> requests in a timely fashion >> >> Running ISA 2000 by the way on a Windows 2000 server. Have looked at > the >> MS >> articles and everything seems fine, anyone got any tips or pointers >> >> Cheers in advance >> >> Paul Crisp >> Snr Network Support Analyst >> >> >> ------------------------------------------------------ >> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >> ------------------------------------------------------ >> Other Internet Software Marketing Sites: >> World of Windows Networking: http://www.windowsnetworking.com >> Leading Network Software Directory: http://www.serverfiles.com >> No.1 Exchange Server Resource Site: http://www.msexchange.org >> Windows Security Resource Site: http://www.windowsecurity.com/ >> Network Security Library: http://www.secinf.net/ >> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com >> ------------------------------------------------------ >> You are currently subscribed to this ISAserver.org Discussion List as: >> isalist@xxxxxxxx >> To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist >> Report abuse to listadmin@xxxxxxxxxxxxx >> >> >> >> ------------------------------------------------------ >> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >> ------------------------------------------------------ >> Other Internet Software Marketing Sites: >> World of Windows Networking: http://www.windowsnetworking.com >> Leading Network Software Directory: http://www.serverfiles.com >> No.1 Exchange Server Resource Site: http://www.msexchange.org >> Windows Security Resource Site: http://www.windowsecurity.com/ >> Network Security Library: http://www.secinf.net/ >> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com >> ------------------------------------------------------ >> You are currently subscribed to this ISAserver.org Discussion List as: >> pcrisp@xxxxxxxxxxxxxxxxx >> To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist >> Report abuse to listadmin@xxxxxxxxxxxxx >> > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > pcrisp@xxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx