Solved

Clients can't resolve DNS while connected to Cisco VPN Concentrator

Posted on 2007-03-26
Last Modified: 2010-04-12
I have users who connect to our network via Cisco VPN Clients (4.8) to a 3000 series Cisco Concentrator. Users connect to the concentrator without problem, however they cannot resolve internal DNS records. An ipconfig /all shows that the VPN server is assigning the clients the correct 2 DNS servers.

Also doing an nslookup off of these assigned servers fails (i.e. nslookup mail 192.158.0.214) ... I know these DNS servers work, as they are working for normal users on the LAN. VPN users can connect to any network resource via IP address instead of DNS... for example they can ping any host by IP. We have tried ipconfig /flushdns without luck. Any help would be appreciated.

derek
Question by:corpdsinc
3 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 18797332
>VPN users can connect to any network resource via IP address instead of DNS...for example they can ping any host by IP.

Can they explicitly ping the DNS servers by IP address?

Can you post the output of the ipconfig /all command from one of the connected VPN clients?  Also, what is the split tunneling definition for the VPN clients on the concentrator?
0
 
LVL 1

Author Comment

by:corpdsinc
ID: 18797420
Hello Batry Boy,
I can ping the DNS servers as shown below. Also, the split tunneling is set to only tunnel networks in this list:
192.168.0.0/0.0.0.255
192.168.1.0/0.0.0.255
192.168.2.0/0.0.0.255
192.168.3.0/0.0.0.255


Connection-specific DNS Suffix  . : ph.cox.net
        Description . . . . . . . . . . . : Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter #6
        Physical Address. . . . . . . . . : 00-14-A5-07-76-E1
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.104
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 68.2.16.25
                                            68.2.16.30
                                            68.6.16.30
        Lease Obtained. . . . . . . . . . : Monday, March 26, 2007 11:35:49 AM
        Lease Expires . . . . . . . . . . : Tuesday, March 27, 2007 11:35:49 AM

Ethernet adapter Local Area Connection 9:

        Connection-specific DNS Suffix  . : SMC
        Description . . . . . . . . . . . : Cisco Systems VPN Adapter
        Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.112
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 192.168.0.214
                                            192.168.0.17

C:\Documents and Settings\Derek>ping 192.168.0.214

Pinging 192.168.0.214 with 32 bytes of data:

Reply from 192.168.0.214: bytes=32 time=45ms TTL=127
Reply from 192.168.0.214: bytes=32 time=40ms TTL=127

Ping statistics for 192.168.0.214:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 45ms, Average = 42ms
Control-C
^C
C:\Documents and Settings\Derek>ping 192.168.0.17

Pinging 192.168.0.17 with 32 bytes of data:

Reply from 192.168.0.17: bytes=32 time=55ms TTL=127

Ping statistics for 192.168.0.17:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 55ms, Maximum = 55ms, Average = 55ms
Control-C

0
 
LVL 20

Accepted Solution

by:
RPPreacher earned 250 total points
ID: 18799225
Please post a ping to an internal host.

Also ping using the NetBIOS name (like PING HOST) and using the FQDN (like PING HOST.DOMAIN.TLD).

If FQDN works, make sure your domain is defined in VPN3000. This is under configuration/interfaces

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee11c.html#wp1003061
0
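
The short-name versus FQDN test from the accepted answer, as an added example that is not part of the original thread: it reads the connection-specific DNS suffixes from the `ipconfig /all` lines posted above, lists the names a single-label lookup would be tried as (a simplified model of suffix appending), and classifies the outcome. The zone `corp.example`, the stub resolver, the address in it and all function names are assumptions made for illustration.

```python
import re
import socket

# Adapter lines copied from the ipconfig /all output posted in the thread.
IPCONFIG_SAMPLE = """\
        Connection-specific DNS Suffix  . : ph.cox.net
        Connection-specific DNS Suffix  . : SMC
        Description . . . . . . . . . . . : Cisco Systems VPN Adapter
"""

def adapter_suffixes(ipconfig_text):
    """Connection-specific DNS suffixes in adapter order (empty ones dropped)."""
    found = re.findall(r"Connection-specific DNS Suffix[ .]*:[ \t]*(\S*)",
                       ipconfig_text)
    return [s for s in found if s]

def names_tried(host, suffixes):
    """Simplified model: a single-label name is tried with each suffix appended."""
    if "." in host:
        return [host]
    return [f"{host}.{s}" for s in suffixes]

def _resolves(name, resolve):
    try:
        resolve(name)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False

def diagnose(host, domain, resolve=socket.gethostbyname):
    """Classify as the accepted answer does: short name versus FQDN."""
    if _resolves(host, resolve):
        return "ok"
    if _resolves(f"{host}.{domain}", resolve):
        return "suffix-missing"  # DNS answers; domain not defined for VPN clients
    return "dns-failing"         # even the FQDN fails; check the DNS path itself

if __name__ == "__main__":
    # Constructed stand-in for the internal zone; corp.example is hypothetical.
    zone = {"mail.corp.example": "192.168.0.50"}

    def stub(name):
        if name not in zone:
            raise socket.gaierror(name)
        return zone[name]

    sfx = adapter_suffixes(IPCONFIG_SAMPLE)
    print(sfx, names_tried("mail", sfx), diagnose("mail", "corp.example", stub))
```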


Question has a verified solution.
