Name resolution for VPN clients 1

[achilleus]

Thanks in advance for any help you can offer.

We are using a Net25 Juniper ScreenOS. We have VPN clients accessing resources remotely. They are able to connect without issue. However, they are not able to resolve internal (192.168.x.x) system names.

What is the best way to accomplish this? Currently I am adding to the HOST file on each system. However, I would like to find a way to have the Netscreen provide an internal DNS server to the VPN client. Is this possible? Is there a better way?

Thanks again!

AJ
ITM

 

[Packet7]

Hi,

Are you using Netscreen Remote with XAuth? The best way is to setup the IPpool and XAuth settings. This will allow you to assign DNS to your Netscreen Remote Clients. Let me know.

Rgds,

John

 

[achilleus]

Hi again John,

I am using Netscreen Remote. However, we were not using XAuth.

Would I just use a pool of unused IPs from our local network?

I'll give it a try. Thanks again!

AJ
ITM

 

[achilleus]

Sorry, couple of questions about the XAuth setup...

Is XAuth only configured under VPNs > AutoKey Advanced > XAuth Settings? If so, should I use the Query Client Settings on Default Server option?

Are there any other locations for XAuth settings I should configure?

Also, does this mean there will be another user name and password users have to enter? Basically I would rather be able to assign the DNS info without requiring another type of authenticaiton. At least for now.

Thanks again!



AJ
ITM

 

[Packet7]

Hi,

I think you need to use XAuth with Authentication. We use XAuth with an RSA Server, but you can also use local accounts. The CLI will define the IPpool and XAuth settings.

set ippool "IPpool" 192.168.1.10 192.168.1.20
set xauth default ippool "IPpool"
set xauth default dns1 192.168.1.2
set xauth default dns2 192.168.1.3

Rgds,

John