TMG 2010 Server DNS entry changing after site to site VPN is started

    General discussion

  • Hi,

    I've got a TMG 2010 server and I'm using it to provide a site to site VPN connection to a remote branch that is also running TMG 2010.  This all works great.  My issue is that after the site to site VPN comes up, in my HQ site, the IP address in the DNS entry for my TMG 2010 server changes.  The HQ TMG 2010 server has an address of XXX.XXX.0.21 set as the IP address of the internal NIC.  Once the site to site VPN connection comes up, the DNS entry for the HQ TMG server gets set to an address on the remote branch's subnet, so something like XXX.XXX.17.5.

    Can someone explain why this is and how to fix it?

    Thanks in advance,

    Nick

    Friday, February 08, 2013 5:15 PM

All replies

  • Anyone have any ideas on this?

    Thanks

    Monday, February 18, 2013 5:28 AM
  • Hi,

    Thank you for the post.

    “Once the VPN site to site VPN connection comes up, the DNS entry for the HQ TMG server gets set to an address of on the remote branches subnet, so something like XXX.XXX.17.5.” – Do you use a fixed IP address on the HQ TMG server for the internal IP address and DNS setting? Do you mean the fixed IP address automatically changes to a remote subnet IP?

    Regards,


    Nick Gu - MSFT

    Tuesday, February 19, 2013 4:32 AM
  • Hi Nick,

    Yes, the HQ TMG has a fixed IP address.  The HQ TMG server IP address isn't changing, because I can still ping the HQ TMG server by its fixed address.  It is the DNS entry internally for the HQ TMG server that changes.  Once the site to site VPN comes up the DNS entry for the HQ TMG server changes to an address on the other branch's subnet.  I didn't have this problem with my older ISA server, so I'm not sure what configuration change I need to make to not have the DNS entry on the HQ TMG server change.

    Nick

    Tuesday, February 19, 2013 5:45 AM
  • I have the same problem...

    TMG + SP's + latest (up to 4) rollups = 7.0.9193.601

    After bringing up the site-to-site connection, the primary DNS changes to the remote (site-to-site) DNS server. I'm trying to add ServerPriorityTimeLimit=0 in the registry and check the adapter bindings (the first is the local NIC). I even brought up a local caching DNS server...

    The only solution is to disconnect the RAS interface, put the correct local DNS server directly into it, and reconnect. But if TMG or the hardware server restarts, these settings revert to the default (auto)...

    Tuesday, March 25, 2014 2:24 PM