Solved

VPN over 2 different ISPs and DNS is not working

Posted on 2009-05-20
Last Modified: 2012-05-07
We have 2 offices and both have different ISPs.  We set up a VPN between both offices but when the VPN Tunnel is enabled DNS will not work in the remote office unless we use the main office's router IP as the DNS (therefore forcing resolution over the VPN).  But, if we turn the tunnel off, local DNS works fine.  We only have this issue in the remote office.

We tested the same router that was in the trouble location on a connection from the same ISP that we have in our main office and it works fine, no DNS issues.

What are we doing wrong?

The routers are Linksys RVS4000's running 1.2.10 firmware.
Question by:JALeeIT
16 Comments
 
LVL 33

Expert Comment

by:MikeKane
I would begin by making note of the DNS servers you use at the remote site.  What is the Pri and sec at the remote, and at the primary site?  

What subnets are defined for the VPN tunnel at each site?  

Is this your DNS server or a public DNS server you want to use?  

 

Author Comment

by:JALeeIT
Subnets at each side are 192.168.6.0 for the main site, and 192.168.3.0 for remote site.
The DNS Servers at both sites are public DNS servers given to us by our ISPs.  So at our main site it's Cablevision DNS, and at our remote site it's TowerStream DNS.
 
LVL 33

Expert Comment

by:MikeKane
What traffic do you have defined for the VPN?   (What traffic is the VPN capturing and sending across?)
 

Author Comment

by:JALeeIT
I'm not sure.  The configuration page for the VPN isn't too advanced, so I don't see any routing options.
I attached the configuration page; the only other options that we have (didn't fit in the image) are Aggressive mode and NetBIOS name.

VPN-Settings.jpg
 
LVL 33

Expert Comment

by:MikeKane
I've used the same Linksys in a Linksys-to-ASA setup for VPN.   Once the Linksys has the destination subnet defined, everything other than that defined subnet should go across the local Linksys internet connection.

As a test, try changing the remote site's Linksys DNS settings (in the DHCP setup options) away from its IP and, instead, use the IP addresses of the DNS servers.
 

Author Comment

by:JALeeIT
Are you talking about the LAN DHCP settings for the clients?  I had that thought this morning, and I will have to try it out.
 

Author Comment

by:JALeeIT
Just looked at the router at the remote site and it appears my boss already tried that yesterday with no success.
 
LVL 33

Expert Comment

by:MikeKane
Then something else is going on here....     With the VPN connected, can the remote users access anything on the internet without hopping through the main site?

Tracert something to see where it's flowing.

Put the local LAN DHCP DNS servers back to the public DNS (or even use OpenDNS servers instead of the ones you were given).   Try running nslookup, tracert the servers, etc....    What results do you get?   The VPN as defined should only be capturing traffic bound to the other 192.168.subnet.

Can you provide samples of tracerts with VPN up and with it down?

Also, consider just simply resetting the router to factory default and recreating the VPN.   Should only take 10 minutes.     Sometimes, with Linksys, this fixes a lot.

0
 

Author Comment

by:JALeeIT
We swapped out the switch feeding the router at the remote location and all is good.
 
LVL 33

Expert Comment

by:MikeKane
Glad it's working.
 

Accepted Solution

by:JALeeIT
I am the manager for the employee that posted the questions. The info is not exactly correct on how we fixed it, and does not explain what we really did to fix it. We added another router to the system with an additional static IP from the ISP. We pointed the DNS of the new router to the ISP's DNS [which did not work from the first router], and we pointed the first router's DNS to the new additional router IP, and that fixed it. Very weird. :) -richie einhorn IT
 

Author Comment

by:JALeeIT
I am not sure why this would be closed when we did a workaround, which does fix the problem, but is not the solution we wanted. The router should be able to use the DNS that is external, but it didn't work, so this is a workaround. -r
