External RWW address on internal network shows Comcast Gateway login page, works fine externally

Hi guys,

I have a client that has a SBS and I just switched their Qwest connection to Comcast yesterday.  I updated DNS on GoDaddy to point the updated DNS records to point to the new Comcast Static IP (which is actually the IP of the gateway) and if you try and access https://remote.domain.com externally RWW works just fine.  However if you're on the local network and try to use the same address it acts like it's going to work (prompted with invalid certificate/continue screen) but after selecting continue it goes to the interface (192.168.55.1) of the Comcast gateway instead of the server 192.168.55.100.  

It's acting like there is some DNS record locally that points remote to the gateway instead of the server, but I'm not seeing anything.  It's got to be something easy...I'm just not seeing it.

Network setup = Comcast SMC -->16 port switch --->SBS

Thanks guys!
CrossedFingers Asked:
 
DrDave242 Commented:
Solution 2 above will most likely fix it; however, there's a slightly better way to do this.  Instead of creating a domain.com zone and a host record for remote, it's better to create a zone named remote.domain.com and a blank host record pointing to the internal IP of the server.  This way your server won't think it's authoritative for the entire domain.com zone.
 
Aaron Tomosky (SD-WAN Simplified) Commented:
Is the Comcast SMC a router?
 
CrossedFingers (Author) Commented:
Yes.  It's a SMC 8014.
 
Tony J (Lead Technical Architect) Commented:
I would bet that the Comcast device doesn't support loopback, so when you browse to the external IP it just shows the login of the Comcast device (router?).

Is the old router compatible with the Comcast service?
 
CrossedFingers (Author) Commented:
The older router was a router/modem combination from Qwest and wouldn't work with the new setup.  I've told them for a while now they need a more robust router, but they're on a tight budget.  I googled SMC 8014 and loopback and got this thread:

http://superuser.com/questions/107276/how-do-i-forward-ports-on-a-comcast-smc-8014-w-a-static-ip-doesnt-seem-to-wor
 
jfletchster (IT Manager) Commented:
There are 2 possibilities:

1) Your SBS server DNS needs to be updated, as it's got an old static configured zone for the external domain.

The SBS server DNS is probably wrong; it must have a static A record for the external domain.
Check the DNS server for the domain.com. zone.

2) The gateway you are using cannot loopback route the internal client to the server.

So you need to create an internal DNS record that mimics the external one but returns the internal IP. You can create a manual DNS record to spoof the internal clients to have the same record as external, i.e. create a new DNS zone (domain.com) on the SBS server and add an A record for remote. to point to the internal IP of the SBS server so it doesn't have to get the DNS record from external DNS.
 
jfletchster (IT Manager) Commented:
Good point DrDave, what was I thinking ...
 
CrossedFingers (Author) Commented:
Hi Guys,

So I have two forward zones: _msdcs.domain.local & domain.local.  When I added a new zone "remote.domain.com" it definitely corrected my problem, but when I did an nslookup I could see that the default server had changed from servername.domain.local to remote.domain.com.  I went ahead and deleted the remote.domain.com zone and now it's showing correctly.  I'm sure this isn't what I want.  What should I be doing differently?
 
DrDave242 Commented:
I wouldn't worry too much about what nslookup shows for your default server name.  That's the result of a PTR query that it performs on the IP address of your preferred DNS server the first time you run it, and it really doesn't mean much.  (What it means is that you have a PTR record in your reverse lookup zone that links your server's IP address with the name remote.domain.com.)  If everything else works fine, I would recommend leaving the remote.domain.com zone in place.
 
jfletchster (IT Manager) Commented:
Agree with Dave: the name of the nslookup server can say anything it likes. If your client has the correct static DNS servers in IPconfig, or is being given the correct details from the DHCP server, then DNS will resolve to the SBS server. What your client thinks is the primary name of that server is irrelevant; a server can have 100 names, and if they are listed it will always resolve to the same IP address. Computers communicate via IP address and netmask, not DNS name; in reality, computers talk in numbers, not names.
 
CrossedFingers (Author) Commented:
Thanks so much guys.  Ultra fast responses.  I appreciate the help.  Sorry for the delay!
Question has a verified solution.
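
An added illustration, not part of the original thread or any participant's code: a toy model of the internal DNS server comparing the domain.com zone from jfletchster's option 2 with the remote.domain.com zone DrDave242 recommends. The public addresses and the www.domain.com name are constructed placeholders, and the model ignores caching and delegations.

```python
# Added illustration: a toy model of how the internal DNS server answers.
# Public addresses below are constructed (RFC 5737 documentation ranges).
PUBLIC_DNS = {
    "remote.domain.com": "203.0.113.10",   # stand-in for the Comcast static IP
    "www.domain.com": "198.51.100.20",     # hypothetical externally hosted site
}
SBS_INTERNAL_IP = "192.168.55.100"         # server address given in the thread

# Local zones on the SBS server before any change (AD zone only).
AD_ZONES = {"domain.local": {"servername.domain.local": SBS_INTERNAL_IP}}


def find_zone(name, zones):
    """Return the most specific local zone that contains name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(name, zones):
    """Local zones win; only names outside every local zone are forwarded."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is not None:
        # Authoritative: a missing record is NXDOMAIN, never forwarded.
        return zones[zone].get(name, "NXDOMAIN")
    return PUBLIC_DNS.get(name, "NXDOMAIN")  # forwarded to public DNS


# Option A: whole-domain zone holding a single host record for "remote".
WHOLE_ZONE = dict(AD_ZONES, **{"domain.com": {"remote.domain.com": SBS_INTERNAL_IP}})
# Option B: zone named remote.domain.com with a blank (apex) host record.
PINPOINT_ZONE = dict(AD_ZONES, **{"remote.domain.com": {"remote.domain.com": SBS_INTERNAL_IP}})


def compare(names=("remote.domain.com", "www.domain.com")):
    """Map each setup to the answers an internal client would receive."""
    setups = {"no zone": AD_ZONES, "domain.com zone": WHOLE_ZONE,
              "remote.domain.com zone": PINPOINT_ZONE}
    return {label: {n: resolve(n, z) for n in names} for label, z in setups.items()}


if __name__ == "__main__":
    for label, answers in compare().items():
        print(f"{label:24} {answers}")
```

With the whole-domain zone, every other name under domain.com stops resolving internally unless it is also added by hand; the single-name zone overrides only remote.domain.com.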
