Solved

Clients can't resolve DNS while connected to Cisco VPN Concentrator

Posted on 2007-03-26
Last Modified: 2010-04-12
I have users who connect to our network via Cisco VPN Clients (4.8) to a 3000 series Cisco Concentrator. Users connect to the concentrator without problem, however they cannot resolve internal DNS records. An ipconfig /all shows that the VPN server is assigning the clients the correct 2 DNS servers.

Also doing an nslookup off of these assigned servers fails (i.e. nslookup mail 192.158.0.214) ... I know these DNS servers work, as they are working for normal users on the LAN. VPN users can connect to any network resource via IP address instead of DNS... for example they can ping any host by IP. We have tried ipconfig /flushdns without luck. Any help would be appreciated.

derek
Question by:corpdsinc
LVL 28

Expert Comment

by:batry_boy
ID: 18797332
>VPN users can connect to any network resource via IP address instead of DNS...for example they can ping any host by IP.

Can they explicitly ping the DNS servers by IP address?

Can you post the output of the ipconfig /all command from one of the connected VPN clients?  Also, what is the split tunneling definition for the VPN clients on the concentrator?
0
 
LVL 1

Author Comment

by:corpdsinc
ID: 18797420
Hello Batry Boy,
I can ping the DNS servers as shown below. Also, the split tunneling is set to only tunnel networks in this list:
192.168.0.0/0.0.0.255
192.168.1.0/0.0.0.255
192.168.2.0/0.0.0.255
192.168.3.0/0.0.0.255


Connection-specific DNS Suffix  . : ph.cox.net
        Description . . . . . . . . . . . : Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter #6
        Physical Address. . . . . . . . . : 00-14-A5-07-76-E1
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.104
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 68.2.16.25
                                            68.2.16.30
                                            68.6.16.30
        Lease Obtained. . . . . . . . . . : Monday, March 26, 2007 11:35:49 AM
        Lease Expires . . . . . . . . . . : Tuesday, March 27, 2007 11:35:49 AM

Ethernet adapter Local Area Connection 9:

        Connection-specific DNS Suffix  . : SMC
        Description . . . . . . . . . . . : Cisco Systems VPN Adapter
        Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.112
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 192.168.0.214
                                            192.168.0.17

C:\Documents and Settings\Derek>ping 192.168.0.214

Pinging 192.168.0.214 with 32 bytes of data:

Reply from 192.168.0.214: bytes=32 time=45ms TTL=127
Reply from 192.168.0.214: bytes=32 time=40ms TTL=127

Ping statistics for 192.168.0.214:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 45ms, Average = 42ms
Control-C
^C
C:\Documents and Settings\Derek>ping 192.168.0.17

Pinging 192.168.0.17 with 32 bytes of data:

Reply from 192.168.0.17: bytes=32 time=55ms TTL=127

Ping statistics for 192.168.0.17:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 55ms, Maximum = 55ms, Average = 55ms
Control-C

0
 
LVL 20

Accepted Solution

by:
RPPreacher earned 250 total points
ID: 18799225
Please post a ping to an internal host.

Also ping using the NetBIOS name (like PING HOST) and using the FQDN (like PING HOST.DOMAIN.TLD)

If FQDN works, make sure your domain is defined in VPN3000.  This is under configuration/interfaces

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee11c.html#wp1003061
0
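
The two checks raised in this thread (are the assigned DNS servers inside the split-tunnel list, and what does a short name such as `mail` turn into on each adapter), as an added example that is not part of any post above. The sample text is constructed from the posted output; the first adapter's header line is missing from the post, so its name is an assumption, and suffix handling is simplified to the connection-specific suffix only.

```python
import ipaddress
import re

# Constructed sample, trimmed from the ipconfig /all output posted above. The first
# adapter's header line is missing from the post, so its name here is assumed.
IPCONFIG = """\
Ethernet adapter Wireless Network Connection:
        Connection-specific DNS Suffix  . : ph.cox.net
        DNS Servers . . . . . . . . . . . : 68.2.16.25
                                            68.2.16.30
Ethernet adapter Local Area Connection 9:
        Connection-specific DNS Suffix  . : SMC
        DNS Servers . . . . . . . . . . . : 192.168.0.214
                                            192.168.0.17
"""
# Split-tunnel network list as posted (network/wildcard mask).
SPLIT_TUNNEL = ["192.168.0.0/0.0.0.255", "192.168.1.0/0.0.0.255",
                "192.168.2.0/0.0.0.255", "192.168.3.0/0.0.0.255"]
FIELD = re.compile(r"^\s+(.+?)[ .]+:\s*(.*)$")   # "Label . . . : value"

def parse_adapters(text):
    """Return [{'name', 'suffix', 'dns'}] parsed from ipconfig /all text."""
    adapters, key = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():           # unindented = adapter header
            adapters.append({"name": line.rstrip(":"), "suffix": "", "dns": []})
            key = None
        elif adapters and (m := FIELD.match(line)):
            key, value = m.group(1), m.group(2).strip()
            if key == "Connection-specific DNS Suffix":
                adapters[-1]["suffix"] = value
            elif key == "DNS Servers" and value:
                adapters[-1]["dns"].append(value)
        elif adapters and key == "DNS Servers" and line.strip():
            adapters[-1]["dns"].append(line.strip())  # continuation line
    return adapters

def diagnose(text, split_tunnel, short_name):
    """Per adapter: are its DNS servers tunneled, and what does short_name become?"""
    nets = [ipaddress.ip_network(e) for e in split_tunnel]  # wildcard form is accepted
    report = []
    for a in parse_adapters(text):
        hits = [any(ipaddress.ip_address(s) in n for n in nets) for s in a["dns"]]
        # Simplification: only the connection-specific suffix is appended.
        fqdn = f"{short_name}.{a['suffix']}" if a["suffix"] else short_name
        report.append({"adapter": a["name"], "dns_tunneled": bool(hits) and all(hits),
                       "tried_as": fqdn})
    return report
```

Calling `diagnose(IPCONFIG, SPLIT_TUNNEL, "mail")` on the posted data reports the VPN adapter's DNS servers as tunneled and the short name tried as `mail.SMC`, which is the case the FQDN test in the accepted answer separates from a reachability problem.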
