VPN and DNS

After I successfully VPN into my PIX I am not able to browse or access any part of the network.  I only use DNS, no WINS.  I look at the clients event log and I see this.

The system failed to register network adapter with settings:

   Adapter Name : {734E1C62-6097-4F6B-A1F8-5C220B7CE92F}
   Host Name : IT
   Adapter-specific Domain Suffix : dxcg.com
   DNS server list :
     65.106.1.196
   Sent update to server : 64.226.28.33
   IP Address(es) :
     67.108.218.222

 The reason it could not register was because either: (a) the DNS server does not support the DNS dynamic update protocol, or (b) the primary zone authoritative for the registering names does not currently accept dynamic updates.

 To add or register a DNS host (A) resource record using the specific DNS name for this adapter, contact your DNS server or network systems administrator.

Any ideas on what is going on?  I do have accept Dynamic updates set to YES on my DNS server.

Thanks
gtimmonsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Justin MaloneSystem AdministratorCommented:
*I do have accept Dynamic updates set to YES on my DNS server.*
but do you also have always update dns in your dhcp?
do your users have rights to access whatever they cannot access?
0
gtimmonsAuthor Commented:
where do I find always update dns in my dhcp?
yes I do have admin rights to everything.
0
gtimmonsAuthor Commented:
I found the setting in my dhcp and set it to always but I still have the problem
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Justin MaloneSystem AdministratorCommented:
go to a command prompt and type ipconfig /registerdns
0
gtimmonsAuthor Commented:
if I do a ipconfig /displaydns what should it show me?  I did the registerdns, no change
0
myron-szyCommented:
I've read somewherw on Microsoft's site and on a few locations that even though WINS is not required, some of the tools within Windows 200x server and also some core system components still require it.  Especially during the promotion of a server from a stand-alone server to a domain controller.  I'm now kicking myself for not grbbing hold of the documentation.  I just ahave a feeling that the problem you're encountering may be relayed to the absence of a correctly configured WINS server.
0
myron-szyCommented:
Something else I've noticed.  Your client is trying to register a public IP address on your LAN's domain name server.  If you're trying to VPN into a network then should the client be trying to register a LAN address?  The usual are in the ranges 10.x.x.x(255.0.0.0), 192.168.x.x(255.255.255.0), 172.16.x.x->172.31.x.x(255.255.0.0).  [I may have got the Private IP range the lost one wrong].

Your VPN server.  Can you configure it to be a DHCP relay and configure the DHCP server on your Windows server, if you are oprtating a Windows server?  If not you may need to check the configuration of your VPN server and DHCP server carefully.

I know it's more of a pain in the ass, but consider reserving IP addresses (associated to MAC addresses on the client) where the reserved IP addresses are in your LAN's range.

Still, it seems like the DHCP may be incorrectoy configured.
0
gtimmonsAuthor Commented:
at one point we did have WINS on the same server as our DNS.  We found that when we disabled WINS last week we could VPN and everything was working just fine, well that only lasted one day and we have the same problem as before, you can VPN in but you cant access anything.
0
gtimmonsAuthor Commented:
We are running the VPN from the PIX 515
0
gtimmonsAuthor Commented:
DHCP on my LAN?  If so, how does that affect VPN when the VPN server?  My VPN server gives the incoming clients their IP address, the domain  name and the DNS server info.
0
martapCommented:

Hi,

You say you're not able to browse nor ACCESS your lan. If you cannot access your lan you won't be able to send DDNS updates also.

If you're not able to access your lan when you VPN in it's then a different problem and not a DDNS problem.

Post your PIX config and explain your setup a bit.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gtimmonsAuthor Commented:
Okay, here is my problem. Clients VPN in to the PIX successfully, they get an internal IP address.  When they try to access Outlook or any other map drive, it won't.

I have DNS, DHCP configured on one machine, no WINS.  

My VPN server, PIX, gives out the internal IP address and it says what the primary DNS server should be, along with the domain.


0
gtimmonsAuthor Commented:
When I look in my DNS manager I don't see my machine registering. I do see another machine who is also having the same issue when she VPN's in. She is registering in DNS with the IP address given to her from VPN.  I checked my DNS properties on my machine and I do have register the connection checked.  Even though she is registering she is having the same connection issue as me, so is everyone who VPN's in.
0
myron-szyCommented:
So what is the IP range in use for your Internal network?  Is it within one of the officially IP address ranges for internal addresses?  If so then `67.108.218.222` don't look right to me.
0
gtimmonsAuthor Commented:
the 67 is an external IP number, the PC I am using right now is outside the firewall.

when we vpn in we get a 10.40.5.xxx address, out internal scheme is 172.24.xxx.xxx
0
gtimmonsAuthor Commented:
could I be missing an entry in my DNS server config under forward lookup servers?
0
gtimmonsAuthor Commented:
problem solved with the help of Cisco tech support.  I had to add a access in my pix to allow data to flow.
0
Justin MaloneSystem AdministratorCommented:
then i guess martap was on the right track
0
martapCommented:

yeah!!, gimme gimme points... :)
0
Justin MaloneSystem AdministratorCommented:
lol
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.