• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 719
  • Last Modified:

DNS resolution through VPN tunnel

I just setup a B2B VPN tunnel between our company and headquarters. All employees access a special corporate public web-portal which can be accessed from anywhere on the internet. One of the links on the portal, let's call it "acct.company.com" points to an accounting server and only works if the computer trying to access it is on a secure network over the VPN tunnel. Otherwise the user will get a page cannot be displayed. On our tunnel rules, we allow access to this accounting server by its IP, (10.55.55.1).

The problem is if a user click on the accts link, the web page resolves to "acct.company.com" which does not go through the tunnel and it fails. If I replace the "acct.company.com" with the server IP 10.55.55.1, it works. I am sure I need to created a record on our DNS server (Windows 2003 AD) but not sure how and if it will work through the tunnel.

Any help would be appreciated. Thanks!
0
lehan
Asked:
lehan
  • 3
  • 2
1 Solution
 
John HurstBusiness Consultant (Owner)Commented:
You might also need a Hosts file entry on the client machine to associate an IP with a name. There are samples in the Hosts file (windows\system32\drivers\etc)  .... T
0
 
lehanAuthor Commented:
I tried the hosts file entry on my laptop but unfortunately that did not work.
I added:
10.55.55.1   acct.company.com

any idea how to add to the DNS server?
0
 
John HurstBusiness Consultant (Owner)Commented:
DNS is available through Admin tools on the server, but I don't see how entries here will assist someone at the other end of a VPN tunnel. It may be that your entries in the VPN setup need to be modified, but I am not knowledgeable enough to make a suggestion. I use consultants myself to set up VPN's.  .... T
0
 
lehanAuthor Commented:
I am unable to find (so far) anyway of adding a url resolving to an IP in my firewall rules.
To clarify, a user on our end of the tunnel is trying to access a secure web server on the other end of the tunnel.
0
 
lehanAuthor Commented:
so I figured this one out and the solution had to do with our DNS server. I had to add a new forward lookup zone for acct.company.com on our DNS server, then created an A host record for the hostname.acct.company.com pointing to the server IP address. I tested it from a few machines and now the link is working and can see the traffic going through the tunnel.

I did have to flush dns on one of the machines to it get to work (ipconfig /flushdns).

since I found the solution myself, can the points be refunded?
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now