Forum Discussion
MSE8000rob_3129
Nimbostratus
NimbostratusSplit tunnel VPN Skype for Business - rewriting DNS
Hi,
We are deploying an F5 VPN and have and existing SfB environment. We need to enable a split tunnel so external users don't register to the internal SfB server but resister to the SfB Edge ...
Kai_Wilke
MVP
MVPHi MSE8000rob,
you may want to implement a Split-DNS setup, so that VPN clients will get a slightly different DNS resulution.
For Windows clients, you can make use of F5s
Static HostsFor everything else you can either:
- Deploy a DNS-Forwarder/Cache for your VPN clients (e.g. another Windows DNS) forwarding DNS-Request to your internal DNS Servers, while providing a additonal DNS zone for
including anyour-sbf-hostname.domain.tld
(empty) or""
(wildcard) A-Record reflecting the Edge-SfB IP adress.* - Use a DNS-Service enabled (requires DNS Server licenses) Virtual Server infront of your internal DNS Servers and point the VPN clients to this Virtual IP. Then apply an iRule to this VS to overwrite DNS request/responses for
to match the IP of your Edge-SfB server.your-sbf-hostname.domain.tld
Cheers, Kai