Block external net access while allowing access to internal webserver.

[NATCAT]

Hi All,

I'm trying to configure the IE setting for users that
1. aren't allowed internet access
2. are allowed to access the internal webserver.
This will be done with a GPO when the time come but for now I'm having trouble configuring the IE connection setting.

Currently the proxy setting is a bogus IP to prevent the user from accessing the net. The IP address and name of the webserver is in the exceptions list (do not use proxy server for addresses begining with).

But I cannot connect to the webserver unless I enter the correct proxy IP. Does anyone know a work around to block internet access but allow internal webserver access ?

NB: the clients are on a 192.x.x.x network and the webserver is on a 222.x.x.x network.

 

[markdmac]

You simply need to add a hosts entry for the server name to your internal DNS.

If you already have that, then it is likely that your DNS is misconfigured.

DNS should be set up like this:

On the server NIC it should only list Internal DNS servers.
In the DNS snap in, it should list ISP DNS on the forwarders tab.
In DHCP scope options it shoudl only push out internal DNS servers IPs.

On any statically configured workstations or servers, the NIC should only list internal DNS servers.

I hope you find this post helpful.

Regards,

Mark