VPN, DNS, Outlook wackiness

Tags: Microsoft Exchange, Networking, Outlook, Tech support
When some users connect to our company via our VPN their DNS doesn't get changed to resolve to our internal DNS server. Normally, outside the firewall a ping to mailserver.ourcompany.com will resolve to 206.x.y.z our public IP mx record. Inside the firewall a ping to mailserver.ourcompany.com will resolve to 192.168.x.y our mail server's private IP. VPN users usually once connected should resolve a ping to mailserver or mailserver.ourcompany.com to 192.168.x.y and not to 206.x.y.z. Unfortunately, some VPN connections resolve to the external (public) IP instead of the internal (private) IP. When this happens Outlook is not able to work. What's really weird is that this only happens on a few users/systems. Most of the time it works fine. Any ideas?

Answer Wiki


On a PC, in the VPN connection properties go to the advanced properties of TCP/IP. There is an option “use remote gateway” which tells it to send requests to the VPN connection. The other thing to check is whether you are assigning static IPs via the user account. This can cause issues with Watchguard Fireboxes and might do so with others.

Discuss This Question: 6  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Bugwit
    I probably should have mentioned this. The "use remote gateway" is checked on the machines in question and the VPN is established through a Watchguard Firebox giving out dynamic addresses.
  • Cptrelentless
    It's the Watchguard. Piece of crap. Was pulling my hair out for ages over our VPN. Now I hate Fireboxes with a passion. Smash it, buy a better one.
  • Wdorciak
    Hi, We have had the same issue. What seems to be happening, if you have the same domain name for internal and external network, and the user browses the Internet before connecting to VPN, Windows will cache public DNS server info, and use that to resolve name after connecting to VPN, so that is why it might be trying to connect to public address. You could try (after connecting to VPN) ipconfig /flushdns. I started putting the email server address into the hosts file, and it always works for VPN (which is the only way users now connect to email anyway). I know, it seems like a step backwards, but is always reliable. What option do you use to connect via Watchguard - RUVPN or MUVPN?
  • Bugwit
    Thanks for some of that info. We authenticate to the Firebox so I guess it's MUVPN. I know we only use PPTP.
  • Espettit
    For Watchguards, we have always configured an LMHOSTS file entry for the mail server. It's a pain, but always works.
  • Wdorciak
    There may be one more factor when users connect via high speed internet available in hotels, and the private subnet the hotel uses (or at home) is the same as our internal network and mask. The interfaces (LAN and VPN) seem to have trouble routing packets to destination(s) if DHCP is used, and use default gateway on remote network does not seem to help either. Essentially what happens you have LAN with IP address of (for example) 192.168.1.100 and VPN interface with IP address assigned by VPN server that could be 192.168.1.200. If email server address is 192.168.1.2, what interface will be used to route the traffic to it? I don't know enough about TCP/IP networking to answer that question. The LAN will obviously not work because that is going to the Internet. Also it seems to differ between W2K and Win XP because Windows XP uses dynamic route metric assignment, so it will use the route with lower metric. Maybe using HOSTS (or LMHOSTS) solves this (if it is an issue at all) because since we started using HOSTS file, I have not heard (too many) complaints. I will have to try LMHOSTS as well. Thanks.
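The thread describes two separate ways a VPN client can fail to reach the mail server: the name resolves to the public address, or it resolves to the private address but the client's own LAN uses the same subnet. The following is an added example, not part of any reply above, that models both checks with a simplified routing table (longest prefix wins, then lowest metric). The route entries, interface names and the 203.0.113.10 stand-in for the public record are constructed assumptions.

```python
import ipaddress

# Constructed values: the office subnet follows the 192.168.1.x example in the
# last reply; 203.0.113.10 is a documentation address standing in for the
# public "206.x.y.z" record.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

def pick_route(dest, routes):
    """Return the route used for dest: longest prefix first, then lowest metric."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    return min(matches, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                       r["metric"]))

def diagnose(resolved_ip, routes, vpn_iface="vpn"):
    """Classify why a VPN client can or cannot reach the internal mail server."""
    if ipaddress.ip_address(resolved_ip) not in INTERNAL_NET:
        return "dns-external"      # split-horizon DNS failed: public record returned
    route = pick_route(resolved_ip, routes)
    if route is None or route["iface"] != vpn_iface:
        return "route-not-vpn"     # private address, but traffic stays on the local LAN
    return "ok"

# Hypothetical table: hotel/home LAN on the same 192.168.1.0/24 as the office.
# The VPN default route has the better metric, but the LAN's on-link /24 is
# more specific, so it still wins for 192.168.1.2.
OVERLAP_ROUTES = [
    {"prefix": "0.0.0.0/0",        "iface": "vpn", "metric": 1},
    {"prefix": "0.0.0.0/0",        "iface": "lan", "metric": 20},
    {"prefix": "192.168.1.0/24",   "iface": "lan", "metric": 20},
    {"prefix": "192.168.1.200/32", "iface": "vpn", "metric": 1},
]

# Hypothetical table: local LAN on an unrelated subnet, VPN default route in use.
CLEAN_ROUTES = [
    {"prefix": "0.0.0.0/0",        "iface": "vpn", "metric": 1},
    {"prefix": "0.0.0.0/0",        "iface": "lan", "metric": 20},
    {"prefix": "10.20.30.0/24",    "iface": "lan", "metric": 20},
    {"prefix": "192.168.1.200/32", "iface": "vpn", "metric": 1},
]

if __name__ == "__main__":
    print(diagnose("203.0.113.10", CLEAN_ROUTES))    # public record returned
    print(diagnose("192.168.1.2", OVERLAP_ROUTES))   # overlapping subnet
    print(diagnose("192.168.1.2", CLEAN_ROUTES))     # healthy case
```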
