Solved

Cisco vpn client dns problems

Posted on 2006-06-23
Last Modified: 2008-01-09
We have recently set up VPN remote access to our company, and everything but one thing is working great.  When a user connects with the Cisco VPN client, they are not able to access the servers here on site by DNS name.  For example, we have a server named pylon_server.  A remote VPN user cannot connect to the server using \\pylon_server, but instead must use the IP address, \\10.1.1.5.  This may be a simple problem to fix, but the COO just called wanting to access the server by name, so I need an answer quickly.
Question by:icarus2256
8 Comments
 
LVL 13

Expert Comment

by:prashsax
The quick solution would be to add entries in the hosts file on this computer.

Otherwise, you need to check whether you have allowed access to your internal DNS server. This could be due to split-tunnel VPN config.

What kind of VPN are you using?
 

Author Comment

by:icarus2256
The VPN termination point is a Cisco ASA 5510.  The remote users are using the Cisco VPN client.  I am not looking for a quick fix, but the correct fix.
 
LVL 13

Expert Comment

by:prashsax
What is the access-list for the VPN users?

Have you configured your internal DNS IP address for VPN clients as well?

Does your access-list allow UDP/53 from VPN clients?
 

Author Comment

by:icarus2256
We are using the permit-ipsec rule so the outside access-list doesn't filter VPN traffic.
 
LVL 9

Assisted Solution

by:NYtechGuy
NYtechGuy earned 200 total points

In the VPN config, you can specify what DNS servers your clients will be issued when they connect.  

/Justin
 
LVL 13

Expert Comment

by:prashsax
permit-ipsec is used so that you do not have to allow IPsec traffic inside your firewall.

But once this traffic is decrypted, it is again evaluated against an access-list.

Since this traffic is originating from a subnet different from your internal one, there must exist some ACL for the VPN IP pool.

Look for the access-list where the source IP is from the pool you have defined for VPN clients.

Also make sure you have specified a valid DNS server in the configuration.

e.g.

vpngroup group_name dns-server x.x.x.x
 

Author Comment

by:icarus2256
Do you know where you specify the DNS servers when using the Cisco ASDM interface?  Sorry about the permit-ipsec comment; we do allow all IP traffic from remote VPN connections into the company.
 
LVL 13

Accepted Solution

by:
prashsax earned 200 total points
Configuration > VPN > General > Group Policy > Add/Edit > Internal Group Policy > General Tab

See this link.
http://www.cisco.com/en/US/products/ps6121/products_user_guide_chapter09186a00806a2fc9.html
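
Added example (not part of the original thread, and not Cisco's own tooling): a small Python check that reads an ASA running-config and reports, for each group policy, the two causes raised above: no DNS server assigned to VPN clients, or a split tunnel that does not cover the assigned DNS server. The sample config, the policy and ACL names, and the address 10.1.1.10 are constructed for illustration.

```python
import ipaddress

# Constructed sample of ASA running-config lines (names and addresses are illustrative).
SAMPLE = """\
access-list SPLIT standard permit 10.1.1.0 255.255.255.0
access-list NARROW standard permit 10.2.0.0 255.255.0.0
group-policy GOOD attributes
 dns-server value 10.1.1.10
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT
group-policy NODNS attributes
 split-tunnel-policy tunnelall
group-policy UNREACHABLE attributes
 dns-server value 10.1.1.10
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value NARROW
"""

def audit(config):
    """Return {group_policy: [issues]}. Inheritance from the default policy is not modelled."""
    acls, policies, current = {}, {}, None
    for line in config.splitlines():
        w = line.split()
        if len(w) == 6 and w[0] == "access-list" and w[2:4] == ["standard", "permit"]:
            # Standard ACL entry: network and dotted netmask
            acls.setdefault(w[1], []).append(ipaddress.ip_network(f"{w[4]}/{w[5]}"))
        elif len(w) == 3 and w[0] == "group-policy" and w[2] == "attributes":
            current = policies.setdefault(w[1], {"dns": []})
        elif line.startswith(" ") and current is not None and len(w) >= 2:
            if w[:2] == ["dns-server", "value"]:
                current["dns"] = w[2:]          # one or more server addresses
            elif w[0] == "split-tunnel-policy":
                current["policy"] = w[1]
            elif w[:2] == ["split-tunnel-network-list", "value"]:
                current["acl"] = w[-1]
        else:
            current = None                      # left the attributes sub-mode
    findings = {}
    for name, p in policies.items():
        issues = [] if p["dns"] else ["no dns-server assigned"]
        if p.get("policy") == "tunnelspecified":
            nets = acls.get(p.get("acl"), [])
            issues += [f"dns-server {d} is outside the split-tunnel list"
                       for d in p["dns"]
                       if not any(ipaddress.ip_address(d) in n for n in nets)]
        findings[name] = issues
    return findings

if __name__ == "__main__":
    for policy, issues in audit(SAMPLE).items():
        print(policy, issues or "ok")
```

A policy that reports "ok" can still fail name resolution if an access-list applied to the VPN pool blocks UDP/53, which this check does not inspect.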
