Thursday, January 27, 2011

When I connect to our Windows VPN, my Outlook client loses its connection

The title basically says it all, but I will elaborate.

I have my Outlook client set up to use the Outlook Anywhere feature. This works fine when not connected to our VPN. However, when I connect to the VPN the Outlook client loses its connection.

I set up our VPN using Windows Server 2003's RRAS, which seems to work fine, but it seems like this must be causing the issue.

My workstation is running Windows 7 Professional and I have the properties of my VPN connection set to NOT use the default gateway on the remote network (so I'm using my local gateway and am able to browse the internet without issue).

Does anybody have any idea what the problem could be? This is very frustrating.

Thanks in advance.

  • What DNS servers do the VPN clients get? I'm assuming that Outlook Anywhere is configured to use a public FQDN that can't be resolved while connected to the VPN. When the VPN client is connected can it resolve the FQDN of the Exchange server?


    EDIT 1

    Just so I have a better understanding, we're referring to the public FQDN of the Exchange server, right? If so then it's safe to assume that your internal and external DNS namespaces are different (.com and .local, or whatever), right?


    Edit 2

    Now that we've established what the problem is we have to determine what an appropriate solution is. There are a number of ways to tackle this and although I've never encountered your specific problem here are some notes and some suggestions:

    Notes:

    RRAS will provide DNS server settings to VPN clients via one of two methods:

    1. If the RRAS server is configured to allocate IP addresses to the VPN clients from DHCP (internal DHCP server) then the DNS server settings configured in the DHCP server will be assigned to the VPN clients.
    2. If the RRAS server is configured to allocate IP addresses to the VPN clients from a static pool on the RRAS server itself, then the RRAS server will assign whatever DNS server settings are configured in the TCP properties of the NIC on the server that is configured for incoming VPN connections.

    Suggestions:

    One way to allow VPN clients to resolve both internal and external DNS records would be to set up another internal DNS server as a forwarding only server (this could probably be the RRAS server itself). On this forwarding DNS server you can configure it to use publicly available DNS servers for external DNS resolution and configure it to use conditional forwarding to use your internal DNS servers for internal DNS resolution. Configure the RRAS server to use a static IP address pool for VPN clients that resides within your LAN subnet (to allow connectivity to internal resources) and set the NIC that is configured for RRAS to use this new DNS server for DNS.

    This effectively creates a scenario where the RRAS server assigns the DNS server(s) that its RRAS-bound NIC is configured to use to the VPN clients. When the VPN client needs to resolve an external DNS record the new DNS server will forward the query to whatever public DNS server you've configured it to use. When the VPN client needs to resolve an internal DNS record the new DNS server will forward the query to your internal DNS server, based on the conditional forwarding you configure on the new DNS server.

    In review this seems a little complicated and may be "over engineering" the solution. You may want to see if anyone else chimes in with a simpler, more "elegant" solution.

    ThingsToDo : No, I'm not able to resolve the FQDN of the Exchange server. What do I need to change on either DNS or RRAS so that the VPN clients will be able to connect while connected to the VPN? I believe this is also causing other DNS issues that I haven't been able to resolve.
    joeqwerty : See my edits. Also, Outlook Anywhere wasn't really intended for use via VPN, one of the reasons being the problem you're experiencing now.
    ThingsToDo : Edit 1: Yes, they are separate (.com and .local)
    ThingsToDo : I'm not sure that this fully solves my problem (or at least not the way I want it to be solved) but you've been way too helpful to not award you the checkmark. You've helped me out a few times in the past (perhaps under different names)...just wanted to say thanks for sharing your information so freely.
    joeqwerty : Glad to help...
    From joeqwerty
  • Set the TCP/IP properties of the VPN adaptor on the RRAS server to include the DNS server that would resolve the mail server FQDN to a VPN address.

    For more discussion of RRAS and DNS see this thread.

    From imoatama
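
The routing decision made by the forwarding-only DNS server suggested in joeqwerty's answer, modelled as an added Python example (not code from the thread, and not Windows DNS itself). The zone names `corp.local` and `example.com`, the addresses, and all function names are constructed placeholders standing in for the `.local` and `.com` namespaces mentioned above.

```python
# Added illustration: models which upstream a forwarding-only DNS server picks.
# Zone names and addresses are constructed placeholders, not values from the thread.
INTERNAL_DNS = "192.0.2.10"    # hypothetical internal DNS server for corp.local
PUBLIC_DNS = "198.51.100.53"   # hypothetical public resolver

CONDITIONAL_FORWARDERS = {"corp.local": INTERNAL_DNS}  # zone -> upstream
DEFAULT_FORWARDER = PUBLIC_DNS                         # everything else


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def in_zone(name, zone):
    """True if name is the zone apex or below it, compared on whole labels."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)


def pick_forwarder(qname, conditional=None, default=DEFAULT_FORWARDER):
    """Most specific matching conditional zone wins; otherwise use the default."""
    conditional = CONDITIONAL_FORWARDERS if conditional is None else conditional
    matches = [zone for zone in conditional if in_zone(qname, zone)]
    if not matches:
        return default
    return conditional[max(matches, key=lambda zone: len(normalize(zone)))]


def route_all(qnames):
    """Map each query name to the upstream that would receive it."""
    return {q: pick_forwarder(q) for q in qnames}


if __name__ == "__main__":
    # Constructed sample queries a VPN client might send.
    samples = [
        "mail.example.com",   # stands in for the public Outlook Anywhere FQDN
        "dc01.corp.local",    # internal host
        "CORP.LOCAL.",        # zone apex, mixed case, trailing dot
        "notcorp.local",      # shares a string suffix but not a label boundary
    ]
    for name, upstream in route_all(samples).items():
        print(f"{name:20} -> {upstream}")
```

The whole-label comparison is what keeps internal names going only to the internal server: a plain string suffix test would wrongly treat `notcorp.local` as part of `corp.local`.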
