07-15-2009 06:02 AM - edited 02-21-2020 04:17 PM
Hi,
Altho' generally using no-split-tunnelled RA vpn setups there are some instances where it is necessary. Some staff work extensively on a customer site and need access to our resources as well as those of the site.
It seems to me that the big sticking point in all this is DNS. If you assign a DNS svr via the group-policy then you have the same problem you would if you did not assign one and left it with the remote site's DHCP assigned svr.
For the no to IT literate it is very difficult to explain how to connect their Excahnge svr or file share while still being able to access local file shares and printers.
Anyone know of a way to overcome this problem? (Or if I have not explained it properly)
Any help much appreciated,
Michael
07-15-2009 10:34 AM
One way is to use SSLVPN (Cisco is headed that way anyway) and create a portal for your servers. TS & Citrix will work best.
Hope that helps.
07-15-2009 06:24 PM
Hi Colin .. afraid it doesn't. SSL vpns require expensive licensing I believe (pls correct me if I'm wrong) and my Co. is a scrooge at the moment.
We have a TS but if all the required users jump on it at the same time it will die.
Re: Citrix see comments on $$ for SSL VPN
Thanks anyway.
Regards,
Mike
07-16-2009 12:04 AM
Fixed my own problem .. comes down to DNS suffixes.
group-policy POLICY-01 attributes
<..snip..>
dns-server value x.x.x.x !# the DNS of home - i.e. to whom the vpn clients are connecting to
<..snip..>
split-tunnel-policy tunnelspecified
<..snip..>
default-domain value local.site.suffix !# customer site which RA have access to via split-tunnel
split-dns value home.company.suffix
<..snip..>
As the site DNS is configured when a DHCP address is granted the configuration of the remote DNS just adds one. Then using first one and if necessary the other by virtue of the suffix it seems to fix all those user quirks like drive mappings and print servers etc with just the win friendly hostnames (not FQDN)
Does the trick at any rate.
Hope this is useful to someone else
Michael
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide