Hi Paul,
Thanks! I promise as soon as that section in chapter 6 is done, I'll give it
away on
www.isaserver.org!
--
Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
: Ah well, the 2004 book *is* more important.
:
: I'll let you off...
:
: Glad to hear that's coming along ;-)
:
: --
:
: Paul Williams
: _________________________________________
:
http://www.msresource.net
:
:
: Join us in our new forums!
:
http://forums.msresource.net
: _________________________________________
:
:
: : Hi Paul,
:
: LOL! I do think about it everyday.
:
: I've been busy writing the ISA 2004 book, so it keeps getting on the back
: burner. The good news is that chapter6 will have the complete VMware
: procedure for the example network used throughout the book. So, by the
time
: Chapter 6 is finished, that content will be ready and I'll post it to the
:
www.isaserver.org site (No, don't ask me to do it for VPC too
:
: Thanks!
: --
: Tom
:
www.isaserver.org/shinder
: Get the book!
: Tom and Deb Shinder's Configuring ISA Server 2004
:
http://tinyurl.com/3xqb7
: MVP -- ISA Firewalls
:
:
: : : Hey Tom, we don't see you here often ;-)
: :
: : How's that ISA/VMware article coming along???
: :
: : (I'll have to write it myself at this rate <grin>)
: :
: : --
: :
: : Paul Williams
: : _________________________________________
: :
http://www.msresource.net
: :
: :
: : Join us in our new forums!
: :
http://forums.msresource.net
: : _________________________________________
: : : : Hi Bill,
: :
: : I routinely turn off this function for VPN clients, as you'll end up
with
: a
: : holy mess of your own making. However, you are correct, the VPN clients
: can
: : leverage DDNS to register their names and create subsequent problems.
: :
: : HTH,
: : --
: : Tom
: :
www.isaserver.org/shinder
: : ISA Server and Beyond:
http://tinyurl.com/1jq1
: : Configuring ISA Server:
http://tinyurl.com/1llp
: : ISA Server and Beyond Seminars -
http://tinyurl.com/9sce
: : MVP -- ISA Server 2000
: :
: :
: : : : : On re-reading the original post, we (except Herb) seem to be
missing
: : the
: : : point. What he really wants to do is resolve the name of the remote
: client
: : : from the LAN end. This requires the remote client to register its name
: and
: : : VPN IP address correctly in WINS and/or DNS.
: : :
: : : Registering in WINS should work as long as the client gets the
: correct
: : : WINS address. The problem with registering "transient" connections in
: WINS
: : : is that they hang around for quite a while after the user disconnects.
: : :
: : : One suggestion I have seen (and tried in a test setup) uses DDNS.
: : : Create a zone for the remotes (say remotes.mydomain.com ) and set the
: : client
: : : to register in DNS with this suffix. The zone should, at any time,
have
: : : entries for all currently connected remote clients.
: : :
: : : "Ace Fekay [MVP]"
: : : message : : : > In : : : > ptwilliams in <
[email protected]> posted their thoughts, then I
: : offered
: : : > mine
: : : > > >You mean lowest numeric for the preferred "interface", right?
: : : > > (So what we really need to do is bump the cost up on the hardware
: : : > > NICs so that they will always be greater.)
: : : > >
: : : > > Yes, I always use highest - but I meant highest as in highest
: : : > > priority - lowest number in reality ;-)
: : : > >
: : : > >
: : : > > >I don't think this is dynamic though when the interfaces are
: : : > > added; is that correct or not? At least not for NEW
"registration"
: : : > > -- it will start using that DNS for resolution and will register
: : : > > there if we Re-Register DNS (or WINS) but it won't just do it
: without
: : : > > prompting I think.
: : : > >
: : : > > I honestly don't know!! I guess it depends on the DNS
Registration
: : : > > settings, and the aging settings...but I'm not sure.
: : : > >
: : : > > I see what you are saying, and this is perhaps not dynamic enough;
: : : > > but with a little effort it certainly works. The issue is, as you
: : : > > imply, for non-admin users... :-(
: : : > >
: : : > >
: : : >
: : : > As with anything else, something to be tested. I've heard of so many
: : : > different solutions, its hard to say what's best. But whatever works
: is
: : : what
: : : > I say!
: : : >
: : : >
: : : > --
: : : > Regards,
: : : > Ace
: : : >
: : : > Please direct all replies ONLY to the Microsoft public newsgroup so
: all
: : : > can benefit.
: : : >
: : : > This posting is provided "AS-IS" with no warranties and confers no
: : : > rights.
: : : >
: : : > Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
: : : > Microsoft Windows MVP - Active Directory
: : : >
: : : > HAM AND EGGS: A day's work for a chicken; A lifetime commitment for
a
: : : > pig. --
: : : > =================================
: : : >
: : : >
: : :
: : :
: :
: :
: :
:
:
: