RE: VPN Questions

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 4 Mar 2003 19:13:52 -0600

Hi Joseph,

The DNS comment was just sort of an "oh, by the way", in that if you have
servers on the DMZ that need to resolve either DMZ host names or
published servers on the internal network, you can put that DNS server
on the internal network and publish it. That's how I usually handle
things when doing the split DNS thing.

Outbound VPN access should not require the same setup, as you can use
the PPTP passthrough feature to access external VPN servers. IIRC, the
double NAT doesn't cause too much of a problem ;-)

HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx] 
Sent: Tuesday, March 04, 2003 1:24 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN Questions
Sensitivity: Confidential




Hi Thomas,

I've been re-reading the VPN in a back to back setting and have a question
about the following statement and how it applies to DNS.

http://www.isaserver.org/tutorials/Configuring_VPN_Access_in_a_Back_to_Back_ISA_Server_Environment.html

"One other thing you might want to do is configure a DNS server publishing
rule on the internal ISA Server, if you wish the DMZ hosts to use a DNS
server on your internal network. This is not required by the back to back
ISA Server VPN configuration, but it's something you should think about."

I'm not sure if you meant that it is a good thing to publish the DNS server
on the internal network or not, and am just looking for clarification on that
issue. Also, would this be the same setup to VPN out through the back to
back setup? From my internal network through the internal firewall, through
the DMZ and out through the external VPN?


Thank you,
Joseph

"I am only one, but I am one. I cannot do everything, but I 
 can do something. And because I cannot do everything, I will 
 not refuse to do the something that I can do. What I can do, 
 I should do. And what I should do, by the grace of God, 
I will do." - 

Edward Everett Hale 

