[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1125
  • Last Modified:

VPN and DNS

After I successfully VPN into my PIX I am not able to browse or access any part of the network.  I only use DNS, no WINS.  I look at the clients event log and I see this.

The system failed to register network adapter with settings:

   Adapter Name : {734E1C62-6097-4F6B-A1F8-5C220B7CE92F}
   Host Name : IT
   Adapter-specific Domain Suffix : dxcg.com
   DNS server list :
     65.106.1.196
   Sent update to server : 64.226.28.33
   IP Address(es) :
     67.108.218.222

 The reason it could not register was because either: (a) the DNS server does not support the DNS dynamic update protocol, or (b) the primary zone authoritative for the registering names does not currently accept dynamic updates.

 To add or register a DNS host (A) resource record using the specific DNS name for this adapter, contact your DNS server or network systems administrator.

Any ideas on what is going on?  I do have accept Dynamic updates set to YES on my DNS server.

Thanks
0
gtimmons
Asked:
gtimmons
  • 11
  • 4
  • 3
  • +1
1 Solution
 
Justin MaloneCommented:
*I do have accept Dynamic updates set to YES on my DNS server.*
but do you also have always update dns in your dhcp?
do your users have rights to access whatever they cannot access?
0
 
gtimmonsAuthor Commented:
where do I find always update dns in my dhcp?
yes I do have admin rights to everything.
0
 
gtimmonsAuthor Commented:
I found the setting in my dhcp and set it to always but I still have the problem
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Justin MaloneCommented:
go to a command prompt and type ipconfig /registerdns
0
 
gtimmonsAuthor Commented:
if I do a ipconfig /displaydns what should it show me?  I did the registerdns, no change
0
 
myron-szyCommented:
I've read somewherw on Microsoft's site and on a few locations that even though WINS is not required, some of the tools within Windows 200x server and also some core system components still require it.  Especially during the promotion of a server from a stand-alone server to a domain controller.  I'm now kicking myself for not grbbing hold of the documentation.  I just ahave a feeling that the problem you're encountering may be relayed to the absence of a correctly configured WINS server.
0
 
myron-szyCommented:
Something else I've noticed.  Your client is trying to register a public IP address on your LAN's domain name server.  If you're trying to VPN into a network then should the client be trying to register a LAN address?  The usual are in the ranges 10.x.x.x(255.0.0.0), 192.168.x.x(255.255.255.0), 172.16.x.x->172.31.x.x(255.255.0.0).  [I may have got the Private IP range the lost one wrong].

Your VPN server.  Can you configure it to be a DHCP relay and configure the DHCP server on your Windows server, if you are oprtating a Windows server?  If not you may need to check the configuration of your VPN server and DHCP server carefully.

I know it's more of a pain in the ass, but consider reserving IP addresses (associated to MAC addresses on the client) where the reserved IP addresses are in your LAN's range.

Still, it seems like the DHCP may be incorrectoy configured.
0
 
gtimmonsAuthor Commented:
at one point we did have WINS on the same server as our DNS.  We found that when we disabled WINS last week we could VPN and everything was working just fine, well that only lasted one day and we have the same problem as before, you can VPN in but you cant access anything.
0
 
gtimmonsAuthor Commented:
We are running the VPN from the PIX 515
0
 
gtimmonsAuthor Commented:
DHCP on my LAN?  If so, how does that affect VPN when the VPN server?  My VPN server gives the incoming clients their IP address, the domain  name and the DNS server info.
0
 
martapCommented:

Hi,

You say you're not able to browse nor ACCESS your lan. If you cannot access your lan you won't be able to send DDNS updates also.

If you're not able to access your lan when you VPN in it's then a different problem and not a DDNS problem.

Post your PIX config and explain your setup a bit.
0
 
gtimmonsAuthor Commented:
Okay, here is my problem. Clients VPN in to the PIX successfully, they get an internal IP address.  When they try to access Outlook or any other map drive, it won't.

I have DNS, DHCP configured on one machine, no WINS.  

My VPN server, PIX, gives out the internal IP address and it says what the primary DNS server should be, along with the domain.


0
 
gtimmonsAuthor Commented:
When I look in my DNS manager I don't see my machine registering. I do see another machine who is also having the same issue when she VPN's in. She is registering in DNS with the IP address given to her from VPN.  I checked my DNS properties on my machine and I do have register the connection checked.  Even though she is registering she is having the same connection issue as me, so is everyone who VPN's in.
0
 
myron-szyCommented:
So what is the IP range in use for your Internal network?  Is it within one of the officially IP address ranges for internal addresses?  If so then `67.108.218.222` don't look right to me.
0
 
gtimmonsAuthor Commented:
the 67 is an external IP number, the PC I am using right now is outside the firewall.

when we vpn in we get a 10.40.5.xxx address, out internal scheme is 172.24.xxx.xxx
0
 
gtimmonsAuthor Commented:
could I be missing an entry in my DNS server config under forward lookup servers?
0
 
gtimmonsAuthor Commented:
problem solved with the help of Cisco tech support.  I had to add a access in my pix to allow data to flow.
0
 
Justin MaloneCommented:
then i guess martap was on the right track
0
 
martapCommented:

yeah!!, gimme gimme points... :)
0
 
Justin MaloneCommented:
lol
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 11
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now