Solved

dyndns - do i need it

Posted on 2012-03-16
7
573 Views
Last Modified: 2012-03-19
hi i have configured a windows 2003 network with an isa 2006 acting as my firewall, but the isa2006/external nic2 recieves a dhcp: 192.168.0.3/24 address from my residential netgear router built-in dhcp box.  that also provides my isp internet ip address on 92.237.54.62 which is the device ip of my netgear router box so that i can receive internet access.

my address is supposed to be dynamic according to my isp, but everytime i check over the last 4 months it has never changed!!!!

i have however also configured my network to allow vpn remote access from home and i have also configured my laptop for vpn connection by using the same address: 92.237.54.62 but it keeps failing!!

during a local test i plug my laptop into my netgear router box to test my vpn and i receive the correct: 10.0.0x/24 network address from my internal dhcp successfully and can open up network places and see my domain name but to test properly from a remote location is my issue!!

questions 1.  i have been told that this works but wanted to know if by using 'dyndns', would then rectify my problem ?
0
Comment
Question by:mikey250
7 Comments
 
LVL 10

Accepted Solution

by:
pclinuxguru earned 250 total points
ID: 37729972
DynDNS is used when your external IP (92.237.54.62) changes and it auto updates the DNS with the new IP.

If you external is 92.237.54.62 and you not connecting to it by IP then DynDNS won't help you.

An easier way to gain access to your own network would be LogMeIn unless there is a real reason you need to vpn into your network.

Several things can come into play here.

1) Being the ISP blocks the ports your VPN needs to function.
2) Your router needs to be configured to route to the correct internal address (I count two private networks - 192.168.0.3/24 is private as well as the 10/24.) My guess is something could be misconfigured on your router)

You could draw a simple diagram because what you posted is a little confusing. You have a 192.168.0.0/24 network that you can vpn into but you also have 10.0.0/24 that you can vpn into.. pick one.
0
 
LVL 11

Expert Comment

by:netballi
ID: 37730058
Hello,

there are a lot of points of failure from external network. first of all you need to check what all ports are required for your application to work and check if you can telnet them to your machine (laptop) .

If telnet works then you should be ok but if telnet fails you need to check with you ISP if port are blocked or not. also can you share you trace route out put from external network.

Also check if external to internal  IP address NAT is working all the way to your desired machine IP that is from your external IP of 92.x.x.x to your 10.x.x.x

for further troubleshooting.
0
 

Author Comment

by:mikey250
ID: 37730123
hi, (apologies for not sending a diagram as not drawn one out)

ok - i did not think i needed 'dyndns', just thought i would ask!:)  ive already had advice from others and my setup is ok!!!

- internal network: 10.0.0.x/24
- isa2006/internal nic1: 10.0.0.1/24 - no dg & static route points to 10.0.0.1
- isa2006/external nic2: 192.168.0.3/24 - successfully recieves isp info already!!!
- cisco layer 2 switch: ip default-gateway 10.0.0.1

note: all machines have internet access successfully and all i now wanted to do was allow a vpn to connect as have already added vpn configurations on isa 2006.

note: when i was trying to use radius i remember ports: 1645/1646 but not using radius now as been told is not needed as i already have a domain ad network so authentication is already done.

note: i cannot telnet or tracert as my isa 2006 is not configured to allow this!!!

ideally my isa2006/external would have a static address but due to plugging into my netgear router box which actually provides the internet access, this was the only way i could do this!
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37730915
Well you may want to check your netgear config as they normally have firewall's on them and they are turned on.

Getting access to the internet is easy.... it's getting to the inside of your network thats a challenge. most firewall's block incoming traffic and allow all outgoing traffic by default.

Depending on your VPN setup on the ISA you will need to open/forward ports to it or ensure all traffic is going to your ISA box and the netgear router having the firewall disabled or not blocking the ports the vpn server and client need. As netballi mentioned you would need something listening on the ISA server in order for you to test where the failure is. generally telnet won't work on vpn servers.
0
 

Author Comment

by:mikey250
ID: 37732552
as this question regarding 'dyndns' has been answered i will create another question regarding what settings ive enabled on my physical netgear router.

comments have been appreciated!
0
 
LVL 10

Assisted Solution

by:172pilotSteve
172pilotSteve earned 250 total points
ID: 37738516
If you want to take comments to the other question, can you provide a link?

Anyway, my stab at an answer would be
1:  You dont need DynDNS until and unless your REAL ip from your ISP changes.  If it doesn't happen frequently, you might find it just easier to change the remote computer's VPN connection IP, so that you can still connect..  The only thing DynDNS would do would be to help you always connect to a consistent NAME (like "myprivatevpn.dyndns.org" or something) instead of always changing the underlying IP address in your configuration..

The only other thing I'd say is...  WHY do you have a netgear box?  Is the NetGear your dsl modem or something?  If your NetGear is getting it's IP from another box with Ethernet then you should just get rid of it, and put the ISA server external NIC straight to it, so that you can get a REAL IP address on the external ISA NIC.  That's going to be the easiest answer...  If you can't do that, because your Netgear IS your dsl modem or something, then you'll need to put that device into "bridge" mode so that the ISA can get the real address instead of the double NAT'ing you have going on now.  You COULD get it working the way you have it, but there's going to be a bunch of stuff you need to manually configure to forward on the Netgear to make the VPN work (and it will be different depending on what kind of VPN you're doing...  PPTP, L2TP, HTTPS/SSL, etc)  The ISA will largely take care of that, if you can get it's external NIC to have a real IP address...

-Steve
0
 

Author Comment

by:mikey250
ID: 37738586
hi thanks your 1st point 1 above is correct as i also understood 'dyndns' to be used only for intermitant change of ip addresses but someone mentioned the other day that it may do other stuff.  as it turns out i did not need it!!

i cannot get rid of my residential netgear router box as my isp provided this as it is directly connected to the internet.  I only wanted to learn how to configure isa 2006 so i had connect isa 2006 to my netgear router box.

in the end on saturday i resolved my problem and can logon remotely via my laptop/mobile phone connected and i can also visit a friends house and gain internet access and logon via vpn successfully!!

i had not put 'ppty port 1723' on my netgear router box, which allowed my vpn to work via remote vpn location.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question