VPN - Prevent remote LAN IP from registering in DNS and WINS?


Freedom

Hi,

We have a Win2K VPN Server using NAT behind a Firewall. Public IP is
66.x.x.x, Private IP is 10.0.0.x. The VPN server uses DHCP to assign
Private Corporate LAN IP addresses (10.0.0.x) to clients when they connect.

Multiple employees connect from home using the built-in Win2K Pro or WinXP
Pro VPN client, via their Cable or DSL modems. Most home users have DHCP
from their ISPs, and the company has provided them each with a LinkSys SOHO
firewall. Therefore, for this example, their Public IP may be 12.x.x.x and
their Private Home LAN IP may be 192.168.x.x.

Diagram would look like this:
Win2K Server (10.0.0.x) <--> Corp Firewall (66.x.x.x) <--> Home Firewall
(12.x.x.x) <--> Win2K/WinXP Pro PC (192.168.x.x)

Clients can connect via PPTP just fine, and can ping via IP or NetBIOS name.

Problem is this:
Sometimes, the Server's DNS and WINS services register the Private IP from
the client's HOME location (192.168.x.x). In other words, we see entries in
our DNS and WINS servers that incorrectly say "MachineName = 192.168.x.x"
instead of the proper Corporate LAN IP ("MachineName = 10.0.0.x"). As a
result, traffic is not properly routed to the remote user, and even though
they are connected via VPN, they cannot access any network resources
(Exchange, etc). How do we guarantee that ONLY the DHCP address given by
the VPN server (10.0.0.x) gets registered into the DNS and WINS services?

Thank you in advance!
-- Freedom
 
Ace Fekay [MVP]

See if these help.

246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations
[including RRAS]:
http://support.microsoft.com/default.aspx?scid=kb;en-us;246804

296379 - How to Disable NetBIOS on an Incoming Remote Access Interface [Reg
Entry]:
http://support.microsoft.com/?id=296379

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Freedom

Thank you for the pointers! I'll check them out. Still open to any other
ideas or resources regarding below issue.

Thanks!
-- Freedom


 
Ace Fekay [MVP]

Freedom said:
Thank you for the pointers! I'll check them out. Still open to any
other ideas or resources regarding below issue.

Thanks!
-- Freedom

A HOSTS file you create to put on your laptops. I've seen this to be the
best all around method.
--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
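
An added example, not part of the original thread: a check for the symptom described in the question, scanning a text export of the zone's A records for RFC 1918 addresses that fall outside the VPN server's DHCP range. The /24 mask on 10.0.0.x, the zone-file record layout, and every host name and address in the sample are assumptions; the sample records are constructed.

```python
import ipaddress
import re

# Assumption: the corporate/VPN DHCP range from the thread, taken as a /24.
CORP_NET = ipaddress.ip_network("10.0.0.0/24")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of A records in zone-file text form (not from the thread).
SAMPLE_ZONE = """\
; constructed sample records
exchange        3600  IN  A  10.0.0.5
laptop-jdoe     1200  IN  A  192.168.1.101
laptop-asmith   1200  IN  A  10.0.0.57
laptop-bking          A      192.168.0.12
www             3600  IN  A  203.0.113.10
"""

# name [ttl] [IN] A address [; comment]
A_RECORD = re.compile(
    r"^(?P<name>\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*(?:;.*)?$",
    re.IGNORECASE)


def find_stray_records(zone_text, corp_net=CORP_NET):
    """Return (name, ip) for A records holding a private address outside corp_net."""
    stray = []
    for raw in zone_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = A_RECORD.match(line)
        if not m:
            continue  # not an A record
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address, e.g. an octet above 255
        # A home-LAN registration is private address space that is not ours.
        if any(ip in net for net in RFC1918) and ip not in corp_net:
            stray.append((m.group("name"), str(ip)))
    return stray


if __name__ == "__main__":
    for name, ip in find_stray_records(SAMPLE_ZONE):
        print(f"stale home-LAN registration: {name} -> {ip}")
```

Run against a periodic export, this shows which clients are still registering their home adapter after the registration settings from the KB articles above have been applied.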
 
