I was talking more about the firewall rules portion - I guess that's what I wasn't clear on.
The reason I don't like the built in VPN client is that it doesn't support split tunnelling, so you're paying a bandwidth penalty for all off-network directed traffic that gets instantiated. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Ryan Malayter [mailto:[EMAIL PROTECTED]] > Sent: Friday, October 11, 2002 3:14 PM > To: NT 2000 Discussions > Subject: RE: AD naming > > > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > >That sounds like its working by design, unless I'm > >reading you wrong. > > It is indeed behaving as designed, which is exactly what PSS > told us and > why they provided no fix. The problem is that the design is, in my > opinion, very wrong. I feel that when a VPN session is initated, the > client should look at the remote DNS over the VPN first for name > resolution, then fall back to the plain-IP connection's DNS > if it fails. > Windows 2000/XP built-im VPN clients don't work this way, but, as > mentioned, many 3rd party VPN clients do. > > Ryan Malayter > Sr. Network & Database Administrator > Bank Administration Institute > Chicago, Illinois, USA > PGP Key: http://www.malayter.com/pgp-public.txt > ::::::::::::::::::::::::::::::: > The greatest lesson in life is to know that even fools are right > sometimes. > -Sir Winston S. Churchill > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
