Solved

DNS resolution through VPN tunnel

Posted on 2008-10-31
5
708 Views
Last Modified: 2012-05-05
I just setup a B2B VPN tunnel between our company and headquarters. All employees access a special corporate public web-portal which can be accessed from anywhere on the internet. One of the links on the portal, let's call it "acct.company.com" points to an accounting server and only works if the computer trying to access it is on a secure network over the VPN tunnel. Otherwise the user will get a page cannot be displayed. On our tunnel rules, we allow access to this accounting server by its IP, (10.55.55.1).

The problem is if a user click on the accts link, the web page resolves to "acct.company.com" which does not go through the tunnel and it fails. If I replace the "acct.company.com" with the server IP 10.55.55.1, it works. I am sure I need to created a record on our DNS server (Windows 2003 AD) but not sure how and if it will work through the tunnel.

Any help would be appreciated. Thanks!
0
Comment
Question by:lehan
  • 3
  • 2
5 Comments
 
LVL 93

Expert Comment

by:John Hurst
ID: 22852759
You might also need a Hosts file entry on the client machine to associate an IP with a name. There are samples in the Hosts file (windows\system32\drivers\etc)  .... T
0
 
LVL 1

Author Comment

by:lehan
ID: 22853120
I tried the hosts file entry on my laptop but unfortunately that did not work.
I added:
10.55.55.1   acct.company.com

any idea how to add to the DNS server?
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 22853327
DNS is available through Admin tools on the server, but I don't see how entries here will assist someone at the other end of a VPN tunnel. It may be that your entries in the VPN setup need to be modified, but I am not knowledgeable enough to make a suggestion. I use consultants myself to set up VPN's.  .... T
0
 
LVL 1

Author Comment

by:lehan
ID: 22853496
I am unable to find (so far) anyway of adding a url resolving to an IP in my firewall rules.
To clarify, a user on our end of the tunnel is trying to access a secure web server on the other end of the tunnel.
0
 
LVL 1

Accepted Solution

by:
lehan earned 0 total points
ID: 22900727
so I figured this one out and the solution had to do with our DNS server. I had to add a new forward lookup zone for acct.company.com on our DNS server, then created an A host record for the hostname.acct.company.com pointing to the server IP address. I tested it from a few machines and now the link is working and can see the traffic going through the tunnel.

I did have to flush dns on one of the machines to it get to work (ipconfig /flushdns).

since I found the solution myself, can the points be refunded?
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can't See Site After DNS Resolved 7 58
ERR_NAME_NOT_RESOLVED 7 32
What is doing the required checks on the SPF and DMARC records? 11 35
Forest and doamin tree 3 26
This article is intended as an extension of a blog on Aging and Scavenging by the MS Enterprise Networking Team. In brief, Scavenging is used as follows: Each record in a zone which has been dynamically registered with an MS DNS Server will have…
This article explains how a domain name may be inadvertently appended to all DNS queries. This exhibits as described below. (CODE)And / Or: (CODE) Cause This issue can occur in either of these two scenarios. EITHER 1. A Primary DNS S…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question