Solved

name resolution over a VPN using a PIX 501

Posted on 2004-08-31
7
233 Views
Last Modified: 2010-04-17
I am using a PIX 501 for VPN access to my network.  I am using group VPN on the PIX and the Cisco VPN Client v4.0.1.  The internal network consists of a Windows 2003 Small Business Server and Windows XP clients.  On the PIX I have vpngroup statements for the internal DNS server and WINS server.  When using Remote Desktop (or ping for that matter) I will get inconsistant success when suing the names of the machines.  If I can no longer connect to, or ping a client by name over the VPN it will still work if I am actually on the local network.  I deleted the WINS database once and that seem to fix it for a while, but then it started happening again.  has anyone seen this prblem or is there another way to do name resolution?
0
Comment
Question by:smm357
7 Comments
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
The easiest way I have found to resolve this is to have a 2-line LMHOSTS file on the client PC that identifies the domain and the domain controller..

How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
http://support.microsoft.com/support/kb/articles/Q180/0/94.ASP
0
 
LVL 11

Expert Comment

by:billwharton
Comment Utility
Another suggestion if you want to scale beyond hosts file would be to start using DNS. I've seen way fewer problems with a DNS/VPN pair than with a WINS/VPN pair.
0
 

Author Comment

by:smm357
Comment Utility
I have tried both the LMHOSTS file and using DNS but it is still not working (name resolution, that is).  I also failed to mention that I am using split-tunneling so users will have access to their local networks as well as internet access.  I don't necessarily need to use split-tunneling as long as users can still access the internet somehow and also their local networks.  thanks you for your input.  I am going to try and work more with DNS.  Any other suggestions would be greatly appreciated.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
Comment Utility
All I can tell you is that it works great for me with split-tunneling enabled. Without the LMHOSTS file, I couldn't do any name resolving...

Since you have the WINS server set up and the VPNgroup pointing to it....
Hmmmm.....

>I will get inconsistant success
This tells me that there is something else going on. Do all the internal hosts point to the PIX as their default gateway?

0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Do you need more information?
Have you resolved this problem?
Can you close this question?
Thanks!
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
No comment has been added to this question in more than 21 days, so it is now classified as abandoned. I will leave the following recommendation for this question in the Cleanup topic area:

Award points to lrmoore

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

donjohnston
EE Cleanup Volunteer
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now