Okay, this should thoroughly rack everyone's brains (whilst not a monumental task, it has mine).
So, the text version is:
1) I'm VPN'd into work and NAT'd on my side (i.e. I can see them, however, they can't see me).
2) I have a Windows SBS 2003 server that supplies services. The most important of which is DNS.
3) This server has a stub entry in DNS that points to my work internal domain. This lets me resolve work machines using the work domain nomenclature.
4) The SBS server also supplies email internally and externally (it's exposed to the internet) for me and has a static mapping out the PIX and in.
PROBLEM:
The NAT mapping out isn't smart enough to realize that it should bypass the static NAT for VPN'd IP addresses. It's all or nothing.
I can send and receive email, surf the net, get to my OWA, etc. However, the SBS server ignores any attempt at contacting anyone on the VPN. Being as the SBS server does stub lookups in DNS for the internal network, NO internal machine can resolve work IP addresses.
However, other machines on the internal network can ping work machines.
It looks like this:
Internal network ===> PIX ===> VPN/NAT ===> Work
---- break ----
SBS y.y.y.51 ===> PIX ===> x.x.x.18
SBS y.y.y.51 <=== PIX <=== x.x.x.18 (Port: Email, HTTP, etc.)
How do I tell the SBS server to stop ignoring the work routes?
I'm assuming more clarification would be necessary. Let me know what info is needed to help.
Take care,
Drew