
[FW1] Split Horizon DNS w/ Split DNS for VPN



I am running NT SP6a, with FW-1/VPN-1 4.1 SP2, and SecuRemote 4165

Everything is working as expected with the SecuRemote client, dnsinfo.c is
correct, etc...

I can browse the encdomain fine, ping machines in the encdomain fine, etc...

I have set up split horizon DNS; internal clients will resolve www.xyz.com
to the non-routable DMZ IP address, while external (web) users will be
resolved to the routable IP and NAT'd to the non-routable DMZ.  This is all
working fine.

Now I have a SecuRemote client who is configured and working properly using
the dnsinfo.c (lots of fun when you have fat fingers), and can ping and
browse my encryption-domain.  My DMZ is NOT part of the encryption Domain,
and adding it doesn't fix anything.  So, if I ping machineA.xyz.com from the
SecuRemote client I get a successful reply.  But if I try to hit the website
www.xyz.com, it resolves to the non-routable DMZ IP and I can not browse it,
or a ping also does not work.

I can get around this by adding the routable IP entry to the hosts file -
this is unacceptable though.

If I need to have my internal DNS servers resolve these to the routable IP,
can someone point me to some info on how to correctly NAT and Anti-Spoof
this.
Is there an encrypt rule I need to define into the DMZ also?

thanks, this is one of the best lists out there...

PDB


