Hi, I'm hoping someone has experienced this and can lend some guidance. I have 20 locations with both private and public networks. I have 2 private and 2 public DCs running DNS, and the 2 public DCs are set up as children of the private. So domain.com and public.domain.com. On public.domain.com, when a user attempts to go to mail.domain.com, they first look at the public.domain.com DC/DNS, which does not contain that address. It then looks at the domain.com DC/DNS, which contains the DNS Alias and CNAME, which uses a private network address. This then requires me to pass public traffic to the private network via the remote site's firewall to allow them access to this site.

What I want to do is send the user out to the internet using the External IP. Is there a way to get the users on the public side of the network to use the External IP versus the internal address?

My thought is to create a CNAME on public.domain.com using the External IP and the alias would point to that. Then the user would be sent out to the internet to come in via the external address versus hitting the internal. Would that work, and if so, is that the best practice?