Solved

DNS resolution through VPN tunnel

Posted on 2008-10-31
5
704 Views
Last Modified: 2012-05-05
I just setup a B2B VPN tunnel between our company and headquarters. All employees access a special corporate public web-portal which can be accessed from anywhere on the internet. One of the links on the portal, let's call it "acct.company.com" points to an accounting server and only works if the computer trying to access it is on a secure network over the VPN tunnel. Otherwise the user will get a page cannot be displayed. On our tunnel rules, we allow access to this accounting server by its IP, (10.55.55.1).

The problem is if a user click on the accts link, the web page resolves to "acct.company.com" which does not go through the tunnel and it fails. If I replace the "acct.company.com" with the server IP 10.55.55.1, it works. I am sure I need to created a record on our DNS server (Windows 2003 AD) but not sure how and if it will work through the tunnel.

Any help would be appreciated. Thanks!
0
Comment
Question by:lehan
  • 3
  • 2
5 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 22852759
You might also need a Hosts file entry on the client machine to associate an IP with a name. There are samples in the Hosts file (windows\system32\drivers\etc)  .... T
0
 
LVL 1

Author Comment

by:lehan
ID: 22853120
I tried the hosts file entry on my laptop but unfortunately that did not work.
I added:
10.55.55.1   acct.company.com

any idea how to add to the DNS server?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 22853327
DNS is available through Admin tools on the server, but I don't see how entries here will assist someone at the other end of a VPN tunnel. It may be that your entries in the VPN setup need to be modified, but I am not knowledgeable enough to make a suggestion. I use consultants myself to set up VPN's.  .... T
0
 
LVL 1

Author Comment

by:lehan
ID: 22853496
I am unable to find (so far) anyway of adding a url resolving to an IP in my firewall rules.
To clarify, a user on our end of the tunnel is trying to access a secure web server on the other end of the tunnel.
0
 
LVL 1

Accepted Solution

by:
lehan earned 0 total points
ID: 22900727
so I figured this one out and the solution had to do with our DNS server. I had to add a new forward lookup zone for acct.company.com on our DNS server, then created an A host record for the hostname.acct.company.com pointing to the server IP address. I tested it from a few machines and now the link is working and can see the traffic going through the tunnel.

I did have to flush dns on one of the machines to it get to work (ipconfig /flushdns).

since I found the solution myself, can the points be refunded?
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

This article explains how a domain name may be inadvertently appended to all DNS queries. This exhibits as described below. (CODE)And / Or: (CODE) Cause This issue can occur in either of these two scenarios. EITHER 1. A Primary DNS S…
Resolve DNS query failed errors for Exchange
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now