[FW1] Check Point NG & Secure Client NG Split DNS and LMHosts
Everyone,

I have finally made time to install and configure two Check Point NG firewalls. I have one remaining Secure Client issue that I am trying to resolve. I want to configure VPN-1 and Secure Client to support split DNS. I have tried dozens of combinations of dnsinfo.C settings along with the Global Properties, Encrypt DNS setting, and configuring a SecureRemote DNS server on the servers objects tab. Nothing seems to work.

I can see Check Point rewriting the userc.C and LMhosts file when I push a new policy and update the Secure Client site. When the dnsinfo.C syntax is correct or close, the LMHosts file and userc.C files are updated. Unfortunately, whenever I try to ping an internal host using host.ad.domain.com., ping returns host not found. Other attempts to resolve internal host names fail as well.

There have been many posts to the mailing list on this topic for Check Point 2000 / V4.1. I have not seen anything relating to this issue for Check Point NG yet.

NG Split DNS Configuration:

Has anyone configured split DNS successfully in NG according to the documentation in VPN.pdf, CP Management.PDF, and the following FAQ?

Does the lib\crypt.def file require modification in the same way as in CP 2000?

http://support.checkpoint.com/kb/docs/public/securemote/ng/pdf/sc_faq.pdf

Can split DNS in NG be configured without using a "SecuRemote DNS" server object?

Does anyone have split DNS working in NG either alone or with LMhosts?

Thank You for Your assistance.

Kevin Palmer
Network Engineer - MCSE+I, CCSE, CCNA
Granite Solutions, Inc.
Version Information:

VPN-1 Gateway:
    NG build 50047
    Windows 2000 SP2 & all security hotfixes

Client:
    NG Secure Client build 50227
    Windows 2000 Pro SP1

Configuration Files:

*********** Section from userc.C ***********

)
:managers (
    : (<firewall external IP address>
        :obj (
            :type (node)
            : (<firewall external IP address>)
        )
        :dnsinfo (
            :dns_servers (
                : (<Int DNS Srv Obj Name>.<FW Ob Name>
                    :obj (
                        : (<Int DNS Ser IP Addr>)
                    )
                    :topology (
                        : (
                            :ipaddr (172.16.192.0) :ipmask (255.255.252.0)
                            :ipaddr (172.16.196.0) :ipmask (255.255.252.0)
                            :ipaddr (172.16.200.0) :ipmask (255.255.252.0)
                            :ipaddr (172.16.204.0) :ipmask (255.255.252.0)
                            :ipaddr (172.16.208.0) :ipmask (255.255.212.0)
                            :ipaddr (172.16.216.0) :ipmask (255.255.252.0)
                        )
                    )
                    :domain (
                        : (
                            :dns_label_count (14)
                            :domain (.ad.domain.com)
                        )
                    )
                )
            )
            :encrypt_dns (true)
            :LMdata (
                : (
                    :ipaddr (<Domain Controller IP Address>)
                    :name (<DC Name>)
                    :domain (<Windows Domain Name>)
                )
                : (
                    :ipaddr (<Domain Controller IP Address>)
                    :name (<DC Name>)
                    :domain (<Windows Domain Name>)
                )
            )
        )
        :MgmtInternalCA

*********** Entire dnsinfo.C ***********

(
    :dns_servers (
        : (<DNS Server Object Name>.<FW Object Name>
            :obj (
                : (<Int DNS Server IP Addr>)
            )
            :topology (
                : (
                    :ipaddr (172.16.192.0) :ipmask (255.255.252.0)
                    :ipaddr (172.16.196.0) :ipmask (255.255.252.0)
                    :ipaddr (172.16.200.0) :ipmask (255.255.252.0)
                    :ipaddr (172.16.204.0) :ipmask (255.255.252.0)
                    :ipaddr (172.16.208.0) :ipmask (255.255.212.0)
                    :ipaddr (172.16.216.0) :ipmask (255.255.252.0)
                )
            )
            :domain (
                : (
                    :dns_label_count (14)
                    :domain (.ad.domain.com)
                )
            )
        )
    )
    :encrypt_dns (true)
    :LMdata (
        : (
            :ipaddr (<DC IP Address>)
            :name (<DC Name>)
            :domain (<Windows Domain Name>)
        )
        : (
            :ipaddr (<DC IP Address>)
            :name (<DC Name>)
            :domain (<Windows Domain Name>)
        )
    )
)

*********** Section from LMHosts ***********

172.16.y.z <Windows DC Name> #PRE #DOM:ad #SecuRemote
172.16.y.z <Windows DC Name> #PRE #DOM:ad #SecuRemote

Keywords NG Next Generation 5.0
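
Added example, not part of the original post and not Check Point tooling: a Python sanity check for a dnsinfo.C-style file that reports unbalanced parentheses and `:ipaddr`/`:ipmask` pairs that do not describe a valid network. The function names, the object name `dns1.fw1` and the server address are assumptions made for the sample; the two topology pairs are taken from the file quoted above.

```python
import ipaddress
import re
# Constructed sample in the dnsinfo.C layout quoted above. Object name and server
# IP are placeholders; the two topology pairs are copied from the post.
SAMPLE = """(
  :dns_servers (
    : (dns1.fw1
      :obj ( : (172.16.192.10) )
      :topology ( : (
        :ipaddr (172.16.204.0) :ipmask (255.255.252.0)
        :ipaddr (172.16.208.0) :ipmask (255.255.212.0)
      ) )
      :domain ( : ( :dns_label_count (14) :domain (.ad.domain.com) ) )
    )
  )
)
"""
PAIR = re.compile(r":ipaddr\s*\(\s*([^()\s]+)\s*\)\s*:ipmask\s*\(\s*([^()\s]+)\s*\)")

def check_parens(text):
    """Report ')' with no opener and '(' still open at end of input."""
    problems, depth = [], 0
    for lineno, line in enumerate(text.splitlines(), 1):
        for ch in line:
            depth += (ch == "(") - (ch == ")")
            if depth < 0:
                problems.append(f"line {lineno}: unmatched ')'")
                depth = 0
    if depth:
        problems.append(f"end of input: {depth} unclosed '('")
    return problems

def check_topology(text):
    """Report :ipaddr/:ipmask pairs that do not describe a valid network."""
    problems = []
    for addr, mask in PAIR.findall(text):
        try:
            net = int(ipaddress.IPv4Address(addr))
            host = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
        except ipaddress.AddressValueError:
            problems.append(f"{addr} / {mask}: not a dotted-quad IPv4 value")
            continue
        if host & (host + 1):  # host bits must be one trailing run of 1s
            problems.append(f"{addr} / {mask}: mask is not contiguous")
        elif net & host:
            problems.append(f"{addr} / {mask}: address has host bits set")
    return problems
if __name__ == "__main__":
    print("\n".join(check_parens(SAMPLE) + check_topology(SAMPLE)))
```
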