Strange DNS through VPN issue

Guest
Archived from groups: microsoft.public.windowsnt.protocol.ras

Here is my setup:

ras3.domain.com - single nic (but has virtual internal connection for
routing) NAT running on LAN. Port redirection in router for VPN access. VPN
does connect and DHCP Passthrough is working. Virtual nic IP 192.168.0.251
Actual LAN IP 192.168.0.9

Client - Win XP, VPN connection connects. I get an IP, DHCP assigns IP,
Wins and DNS addresses. If from the client computer I try to ping any other
servers on our LAN they all come back with a reply from a public IP Address
of our domain website. We only have one dns record in our DNS system with
the IP it comes back with. It's the www record in our internal dns record for
our domain name. So in effect, I try to ping any server say mail.domain.com
I get a reply with the IP of the www record for our domain. When I ping
mail.domain.com I should be getting a 192.168.0.X reply, but instead I get a
reply from www.domain.com. Client settings are all correct, dns and WINS
servers are correctly received, but it's like the RAS server is resolving the
name to the public IP and shooting the traffic to the default gateway which
is our internet router, which then sends it right where the RAS server
thought it was, which is the public IP of our domain. I want DNS to be
queried from our DNS servers, not from the RAS server which does not have DNS
running on it. Is the virtual connection that is acting as a router
necessary, or can I remove it for VPN access?

Any other thoughts, questions, comments?

Thanks
 
Guest
Archived from groups: microsoft.public.windowsnt.protocol.ras

Sorry, DNS is running on the VPN Server running RAS. Also, I tried enabling
DNS to listen on the virtual IP address listed in RAS, that didn't result in
anything different. Then, I did some testing from a client with nslookup.
If I set nslookup to use my lan dns server on the Network I am connecting to
with VPN, and try to lookup the mail server name, I get the correct IP
address, 192.168.0.X, however, if I tried to ping the FQDN (which is what
Outlook defaults to even if you enter only the server name) I get the Public
IP of our website. I am checking the public DNS now, but apparently because
mail.domain.com points to a web resource or public resource, my home client
DNS is resolving the name for me, which gives me the wrong IP that points to
our website. So it's like "internet traffic" is routed through the client
DNS, not through the VPN to the DNS servers that are assigned through DHCP to
the client. Is there any way to force all traffic through the VPN to avoid
this issue?

Thanks

"ACE-Joe" wrote:

> Here is my setup:
>
> ras3.domain.com - single nic (but has virtual internal connection for
> routing) NAT running on LAN. Port redirection in router for VPN access. VPN
> does connect and DHCP Passthrough is working. Virtual nic IP 192.168.0.251
> Actual LAN IP 192.168.0.9
>
> Client - Win XP, VPN connection connects. I get an IP, DHCP assigns IP,
> Wins and DNS addresses. If from the client computer I try to ping any other
> servers on our LAN they all come back with a reply from a public IP Address
> of our domain website. We only have one dns record in our DNS system with
> the IP it comes back with. It's the www record in our internal dns record for
> our domain name. So in effect, I try to ping any server say mail.domain.com
> I get a reply with the IP of the www record for our domain. When I ping
> mail.domain.com I should be getting a 192.168.0.X reply, but instead I get a
> reply from www.domain.com. Client settings are all correct, dns and WINS
> servers are correctly received, but it's like the RAS server is resolving the
> name to the public IP and shooting the traffic to the default gateway which
> is our internet router, which then sends it right where the RAS server
> thought it was, which is the public IP of our domain. I want DNS to be
> queried from our DNS servers, not from the RAS server which does not have DNS
> running on it. Is the virtual connection that is acting as a router
> necessary, or can I remove it for VPN access?
>
> Any other thoughts, questions, comments?
>
> Thanks