[FW1] Split Horizon DNS w/ Split DNS for VPN
I am running NT SP6a, with FW-1/VPN-1 4.1 SP2, and SecuRemote 4165.

Everything is working as expected with the SecuRemote client, dnsinfo.c is correct, etc... I can browse the encdomain fine, ping machines in the encdomain fine, etc...

I have set up split horizon DNS; internal clients will resolve www.xyz.com to the non-routable DMZ IP address, while external (web) users will be resolved to the routable IP and NAT'd to the non-routable DMZ. This is all working fine.

Now I have a SecuRemote client who is configured and working properly using the dnsinfo.c (lots of fun when you have fat fingers), and can ping and browse my encryption-domain. My DMZ is NOT part of the encryption domain, and adding it doesn't fix anything.

So, if I ping machineA.xyz.com from the SecuRemote client I get a successful reply. But if I try to hit the website www.xyz.com, it resolves to the non-routable DMZ IP and I cannot browse it, and a ping also does not work. I can get around this by adding the routable IP entry to the hosts file - this is unacceptable though.

If I need to have my internal DNS servers resolve these to the routable IP, can someone point me to some info on how to correctly NAT and Anti-Spoof this? Is there an encrypt rule I need to define into the DMZ also?

Thanks, this is one of the best lists out there...

PDB