Split Tunnel VPNs With Assigned DNS Servers

Split Tunnel VPNs With Assigned DNS Servers

by Devon True

All:

We have a customer who uses a Netscreen 5GT running 5.0.0r8.1 that has
some dialup VPN users. The users run the Netscreen Remote software on
their PCs and the VPN connections work fine. I was recently asked if we
could assign internal DNS servers to the VPN users when they connect. I
went to VPNs > AutoKey Advanced > XAuth Settings and configured the two
requested DNS servers. However, when users connect, they did not get the
assigned DNS servers. I found out that I had to assign a pool of IPs to
the XAuth Settings window for the Netscreen to pass the DNS servers. The
issue with this is that *all* Internet traffic gets routed to the
Netscreen and not just VPN traffic. I also saw "Query Client Settings on
Default Server" on the XAuth Settings but I am unable to check that box.

The customer asked about split tunneling and my understanding is that is
what the Netscreen was doing in the first place; VPN traffic goes across
the VPN and all other traffic goes out the normal Internet path.
However, this method did not assign the internal DNS servers.

Any suggestions on how to accomplish this?

The Netscreen Remote software is 8.0.

--
Devon
_______________________________________________
nn mailing list
nn@...
http://qorbit.net/mailman/listinfo/nn

Re: Split Tunnel VPNs With Assigned DNS Servers

by Joekim13

First of all, you got some major upgrading to do.

The latest version of Netscreen Remote is 8.7, and for ScreenOS I highly recommend 5.4r3a.

That being said, you can accomplish split tunneling or 'central-tunneling' (sending everything in the tunnel).

You should still be able to send DNS/WINS to the client even when using route-based or policy-based and split or central tunneling. If it's not working it could be a bug, but I've tested with 5.0r9 and 5.4r3.

The query client setting is used if you're passing the DNS/WINS information from a RADIUS server via XAuth.

Joe


Devon True wrote:
All:

We have a customer who uses a Netscreen 5GT running 5.0.0r8.1 that has
some dialup VPN users. The users run the Netscreen Remote software on
their PCs and the VPN connections work fine. I was recently asked if we
could assign internal DNS servers to the VPN users when they connect. I
went to VPNs > AutoKey Advanced > XAuth Settings and configured the two
requested DNS servers. However, when users connect, they did not get the
assigned DNS servers. I found out that I had to assign a pool of IPs to
the XAuth Settings window for the Netscreen to pass the DNS servers. The
issue with this is that *all* Internet traffic gets routed to the
Netscreen and not just VPN traffic. I also saw "Query Client Settings on
Default Server" on the XAuth Settings but I am unable to check that box.

The customer asked about split tunneling and my understanding is that is
what the Netscreen was doing in the first place; VPN traffic goes across
the VPN and all other traffic goes out the normal Internet path.
However, this method did not assign the internal DNS servers.

Any suggestions on how to accomplish this?

The Netscreen Remote software is 8.0.

--
Devon

Re: Split Tunnel VPNs With Assigned DNS Servers

by Alan Strassberg

Check out DNS Proxy (but not sure if this is available in 5.0). I use this with Site-to-Site VPNs.

You can, for example, send queries for foo.com to internal servers while all other requests go to the ISP.
Great feature. Be sure you point to the Netscreen for DNS for this to work.


On 3/27/07, Devon True <devon+nnlist@...> wrote:
All:

We have a customer who uses a Netscreen 5GT running 5.0.0r8.1 that has
some dialup VPN users. The users run the Netscreen Remote software on
their PCs and the VPN connections work fine. I was recently asked if we
could assign internal DNS servers to the VPN users when they connect. I
went to VPNs > AutoKey Advanced > XAuth Settings and configured the two
requested DNS servers. However, when users connect, they did not get the
assigned DNS servers. I found out that I had to assign a pool of IPs to
the XAuth Settings window for the Netscreen to pass the DNS servers. The
issue with this is that *all* Internet traffic gets routed to the
Netscreen and not just VPN traffic. I also saw "Query Client Settings on
Default Server" on the XAuth Settings but I am unable to check that box.

The customer asked about split tunneling and my understanding is that is
what the Netscreen was doing in the first place; VPN traffic goes across
the VPN and all other traffic goes out the normal Internet path.
However, this method did not assign the internal DNS servers.

Any suggestions on how to accomplish this?

The Netscreen Remote software is 8.0.

--
Devon

_______________________________________________
nn mailing list
nn@...
http://qorbit.net/mailman/listinfo/nn
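
Added example (not part of the thread, and not ScreenOS code): the per-domain selection a DNS proxy performs in the split-DNS setup described in the last reply, plus an audit that flags internal names sent to the wrong resolver while a split tunnel is up. foo.com is the thread's example domain; the rule table, function names and all addresses are assumptions (RFC 1918 / RFC 5737 placeholders).

```python
# Constructed values: none of these addresses come from the thread.
INTERNAL_RULES = {
    "foo.com": ["10.1.1.10", "10.1.1.11"],
    "lab.foo.com": ["10.2.2.10"],
}
ISP_RESOLVERS = ["192.0.2.53"]

# Constructed (query name, resolver it was sent to) observations.
SAMPLE = [
    ("intranet.foo.com.", "10.1.1.10"),
    ("Mail.FOO.com", "192.0.2.53"),      # internal name sent to the ISP
    ("www.notfoo.com", "192.0.2.53"),    # looks similar, is not internal
    ("build.lab.foo.com", "10.1.1.10"),  # wrong internal server set
]


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")


def select_upstream(qname, rules=INTERNAL_RULES, default=ISP_RESOLVERS):
    """Return (matched_suffix, servers); the longest matching suffix wins."""
    labels = normalize(qname).split(".")
    # Walk from the full name toward the TLD so matches fall on label
    # boundaries: "notfoo.com" never matches the "foo.com" rule.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return suffix, rules[suffix]
    return None, default


def audit_queries(observed, rules=INTERNAL_RULES):
    """Flag internal-domain queries that went to a server outside their rule."""
    leaks = []
    for qname, server in observed:
        suffix, servers = select_upstream(qname, rules, default=None)
        if suffix is not None and server not in servers:
            leaks.append((normalize(qname), server, suffix))
    return leaks


if __name__ == "__main__":
    for leak in audit_queries(SAMPLE):
        print("leak:", leak)
```
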