NetScreen

Re: [nn] Split Tunnel VPNs With Assigned DNS Servers

To: "Devon True" <devon+nnlist@noved.org>
Subject: Re: [nn] Split Tunnel VPNs With Assigned DNS Servers
From: "Alan Strassberg" <alanstrassberg@gmail.com>
Date: Thu, 29 Mar 2007 10:27:37 -0700
Cc: Netscreen Mailing List <nn@qorbit.net>
In-reply-to: <46095F48.8070109@noved.org>
List-id: "Netscreen mailing list for netscreen admins." <nn.qorbit.net>
Check out DNS Proxy (but not sure if this is available in 5.0). I use this with Site-to-Site VPNs.

You can, for example, send queries for foo.com to internal servers while all other requests go to the ISP.
Great feature. Be sure you point to the Netscreen for DNS for this to work.


On 3/27/07, Devon True <devon+nnlist@noved.org> wrote:
All:

We have a customer who uses a Netscreen 5GT running 5.0.0r8.1 that has
some dialup VPN users. The users run the Netscreen Remote software on
their PCs and the VPN connections work fine. I was recently asked if we
could assign internal DNS servers to the VPN users when they connect. I
went to VPNs > AutoKey Advanced > XAuth Settings and configured the two
requested DNS servers. However, when users connect, they did not get the
assigned DNS servers. I found out that I had to assign a pool of IPs to
the XAuth Settings window for the Netscreen to pass the DNS servers. The
issue with this is that *all* Internet traffic gets routed to the
Netscreen and not just VPN traffic. I also saw "Query Client Settings on
Default Server" on the XAuth Settings but I am unable to check that box.

The customer asked about split tunneling and my understanding is that is
what the Netscreen was doing in the first place; VPN traffic goes across
the VPN and all other traffic goes out the normal Internet path.
However, this method did not assign the internal DNS servers.

Any suggestions on how to accomplish this?

The Netscreen Remote software is 8.0.

--
Devon
_______________________________________________
nn mailing list
nn@qorbit.net
http://qorbit.net/mailman/listinfo/nn
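
The domain-based forwarding described in the reply (queries for foo.com go to internal servers, everything else to the ISP), modelled as an added Python example; it is not ScreenOS code and not code from anyone in the thread. It assumes suffix matching on label boundaries with the longest suffix winning, and every server address and every name other than foo.com is constructed. `leaked_queries` is a hypothetical helper that flags internal names which would still be sent to the ISP resolvers.

```python
# Added illustration: domain-based DNS server selection (split DNS).
# Names and addresses are constructed; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()

def matches(qname, suffix):
    """True if qname equals suffix or is a subdomain of it (label boundary only)."""
    return qname == suffix or qname.endswith("." + suffix)

class DnsProxy:
    def __init__(self, default_servers):
        self.default_servers = list(default_servers)
        self.rules = {}  # domain suffix -> list of servers

    def add_rule(self, suffix, servers):
        self.rules[normalize(suffix)] = list(servers)

    def select(self, qname):
        """Return (matched_suffix, servers); the longest matching suffix wins."""
        q = normalize(qname)
        hits = [s for s in self.rules if matches(q, s)]
        if not hits:
            return None, self.default_servers
        best = max(hits, key=len)
        return best, self.rules[best]

def leaked_queries(proxy, qnames, internal_suffixes):
    """Names under an internal suffix that would still go to the default (ISP) servers."""
    internal = [normalize(s) for s in internal_suffixes]
    out = []
    for q in qnames:
        is_internal = any(matches(normalize(q), s) for s in internal)
        suffix, _ = proxy.select(q)
        if is_internal and suffix is None:
            out.append(q)
    return out

# Constructed sample configuration
ISP = ["198.51.100.53"]
INTERNAL = ["192.0.2.10", "192.0.2.11"]
proxy = DnsProxy(ISP)
proxy.add_rule("foo.com", INTERNAL)

if __name__ == "__main__":
    for q in ["intranet.foo.com", "FOO.com.", "notfoo.com", "www.example.org"]:
        print(q, "->", proxy.select(q))
```

The `notfoo.com` case shows why matching has to respect label boundaries: a plain string-suffix test would forward an unrelated domain's queries to the internal servers.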
