Split tunnel VPN Skype for Business - rewriting DNS
Hi,
We are deploying an F5 VPN and have an existing SfB environment. We need to enable a split tunnel so external users don't register to the internal SfB server but register to the SfB Edge server. When the server DNS is queried the result gives the internal server.
We need to intercept the request and return with the SfB Edge server. How can this be done? Is this using iRules or is this a standard feature of the F5?
Thanks.
Hi MSE8000rob,
you may want to implement a Split-DNS setup, so that VPN clients will get a slightly different DNS resolution.
For Windows clients, you can make use of F5's Static Hosts feature to selectively overwrite the DNS name resolution for your SfB server to reflect the IP of your Edge-SfB server.
For everything else you can either:
- Deploy a DNS-Forwarder/Cache for your VPN clients (e.g. another Windows DNS) forwarding DNS-Requests to your internal DNS Servers, while providing an additional DNS zone for `your-sbf-hostname.domain.tld` including an `""` (empty) or `*` (wildcard) A-Record reflecting the Edge-SfB IP address.
- Use a DNS-Service enabled (requires DNS Server licenses) Virtual Server in front of your internal DNS Servers and point the VPN clients to this Virtual IP. Then apply an iRule to this VS to overwrite DNS request/responses for `your-sbf-hostname.domain.tld` to match the IP of your Edge-SfB server.
Cheers, Kai
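The override decision that both options in the answer above rely on, shown as an added example (not part of the original post and not F5 or iRule code): a stand-alone Python sketch that answers A queries for the overridden name with the Edge IP and returns `None` for everything else so it can be forwarded to the internal DNS servers. The Edge address `192.0.2.10` is a placeholder, and answering other record types for that name with an empty NOERROR response is a design choice of this example.

```python
import socket
import struct

# Assumed placeholders: the hostname is the one used in the post; the Edge IP
# is a documentation address (RFC 5737), not a real deployment value.
OVERRIDES = {"your-sbf-hostname.domain.tld": "192.0.2.10"}
TYPE_A, CLASS_IN = 1, 1

def parse_question(msg):
    """Return (qname, qtype, qclass, end_offset) of the first question."""
    pos, labels = 12, []
    while msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("compressed name in question")
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass, pos + 5

def override_response(query, ttl=60):
    """Build a response for an overridden name, or None to forward upstream."""
    if len(query) < 12 or struct.unpack("!H", query[4:6])[0] != 1:
        return None
    qname, qtype, qclass, end = parse_question(query)
    edge_ip = OVERRIDES.get(qname.lower())  # DNS names are case-insensitive
    if edge_ip is None or qclass != CLASS_IN:
        return None
    flags = struct.unpack("!H", query[2:4])[0]
    out_flags = 0x8080 | (flags & 0x0100)  # QR=1, RA=1, echo RD, RCODE=0
    answer = b""
    if qtype == TYPE_A:
        # 0xC00C is a compression pointer back to the question name.
        answer = struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, ttl, 4)
        answer += socket.inet_aton(edge_ip)
    # Other types (e.g. AAAA) get an empty NOERROR answer, so no internal
    # record is returned for the overridden name.
    header = query[:2] + struct.pack("!HHHHH", out_flags, 1,
                                     1 if answer else 0, 0, 0)
    return header + query[12:end] + answer

def build_query(name, qtype=TYPE_A, txid=0x1234):
    """Constructed sample query used to exercise override_response()."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", qtype, CLASS_IN))
```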