Hello, we have two ISA Servers that act as inbound VPN gateways for roaming users in our company. One server is ISA 2004 Enterprise, the other is ISA 2006 Standard. The VPN protocol used is PPTP. Users log on with their AD username and password using the Windows embedded client.
IP configuration is distributed to VPN clients by our internal DHCP, which also assigns DNS & WINS servers (both internal).
DHCP, WINS & DNS services reside on the same Win2003R2 server, which also acts as DC and RRAS server (it is the default gateway of our internal network).
VPN clients now have a firewall rule which allows "all outbound traffic" from the VPN clients networks towards External and DMZ.
Everything worked fine until now, when VPN clients appear not to be able to resolve DNS and WINS names anymore.
When the user is connected to VPN and tries to ping an internal server using either the NetBIOS or DNS name, the name gets resolved to an unknown public IP address (always the same).
If I perform an NSLookup from a VPN client, the correct DNS server answers and I am able to perform name resolution in the NSLookup environment.
I tried to configure a hosts file on a test computer and, of course, in this configuration everything works, but I cannot use this solution as I have hundreds of roaming users all over the world...
Any idea of what might be happening?
Thank you.
Regards,
Diego