Freedom
Hi,
We have a Win2K VPN Server using NAT behind a Firewall. Public IP is
66.x.x.x, Private IP is 10.0.0.x. The VPN server uses DHCP to assign
Private Corporate LAN IP addresses (10.0.0.x) to clients when they connect.
Multiple employees connect from home using the built-in Win2K Pro or WinXP
Pro VPN client, via their Cable or DSL modems. Most home users have DHCP
from their ISPs, and the company has provided them each with a LinkSys SOHO
firewall. Therefore, for this example, their Public IP may be 12.x.x.x and
their Private Home LAN IP may be 192.168.x.x.
Diagram would look like this:
Win2K Server (10.0.0.x) <--> Corp Firewall (66.x.x.x) <--> Home Firewall
(12.x.x.x) <--> Win2K/WinXP Pro PC (192.168.x.x)
Clients can connect via PPTP just fine, and can ping via IP or NetBIOS name.
Problem is this:
Sometimes, the Server's DNS and WINS services register the Private IP from
the client's HOME location (192.168.x.x). In other words, we see entries in
our DNS and WINS servers that incorrectly say "MachineName = 192.168.x.x"
instead of the proper Corporate LAN IP ("MachineName = 10.0.0.x"). As a
result, traffic is not properly routed to the remote user, and even though
they are connected via VPN, they cannot access any network resources
(Exchange, etc). How do we guarantee that ONLY the DHCP address given by
the VPN server (10.0.0.x) gets registered into the DNS and WINS services?
Thank you in advance!
-- Freedom