[ previous ] [ next ] [ threads ]
 
 From:  "Dan DeRemer" <dderemer at atnetplus dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  PPTP redirect to RRAS problem
 Date:  Tue, 13 Feb 2007 19:36:51 -0500
My problem is dealing with using Windows 2003 RRAS PPTP with the PPTP
redirect on the m0n0wall and a DNS host record that has different IPs
internally and externally in my domain. Here's the set up:

 

DSL -> 2 static IPs -> 1 IP assigned to m0n0wall and 1 IP assigned via
1:1 NAT (and Proxy ARP) to an Exchange server on the LAN interface with
3 Win2k3 Standard servers (including the Exchange server) on the same
LAN interface. We are using Outlook over the Internet (RPC over HTTP) to
connect field users' Outlook right now. The RPC proxy is set to the
Exchange server's public DNS host record. To curb a performance issue
with detecting which connection method Outlook should use (as well as
address other field related issues), an entry for the Exchange server's
public DNS host record was added to the internal DNS on our network with
the Exchange server's internal IP listed instead. This has worked well
until we introduced PPTP connections into the picture. To save money and
allow our employees to work remotely on files, we setup one of the 3
Win2k3 servers with RRAS and redirected the PPTP connections from the
m0n0wall to the RRAS server. The PPTP connections are established by
WinXP and work fine and allow for our intended goal to be accomplished
but the problem I am having is with the Outlook RPC over HTTP setup.
While connected via the PPTP connection, the Windows XP machine is using
its host network's DNS servers to perform DNS resolutions first even
though the computer is getting our internal DNS servers defined by the
PPTP connection. So the Exchange server public DNS entry is resolving to
the public DNS and trying to connect via the public IP and is getting
blocked by the m0n0wall.

 

Is there a way either set up some kind of static route on the monowall
or RRAS server to keep PPTP clients from accessing the exchange server's
public IP and redirect the clients to the internal IP? Is there an
easier way to do this or is there something that I am missing? Thanks!

 

 

Regards,

 

Dan DeRemer
AtNetPlus, Inc.
2321 2nd Street, Suite 105
Cuyahoga Falls, OH 44221
Phone: (330) 945-5685 ext 104
Cell: (330) 697-3193
Fax: (330) 945-5684
http://www.atnetplus.com/

 


Are you currently trying to fulfill government security compliance (SOX, HIPPA, etc.)? Do you now
have to warehouse your event logs and/or email? Download EventsManager and MailArchiver today!
http://www.gfi.com/pages/files.htm