JALeeIT
asked on
VPN over 2 different ISPs and DNS is not working
We have 2 offices and both have different ISPs. We set up a VPN between both offices but when the VPN Tunnel is enabled DNS will not work in the remote office unless we use the main office's router IP as the DNS (therefore forcing resolution over the VPN). But, if we turn the tunnel off, local DNS works fine. We only have this issue in the remote office.
We tested the same router that was in the trouble location on a connection from the same ISP that we have in our main office and it works fine, no DNS issues.
What are we doing wrong?
The routers are Linksys RVS4000s running 1.2.10 firmware.
ASKER
Subnets at each side are 192.168.6.0 for the main site, and 192.168.3.0 for the remote site.
The DNS Servers at both sites are public DNS servers given to us by our ISPs. So at our main site it's Cablevision DNS, and at our remote site it's TowerStream DNS.
What traffic do you have defined for the VPN? (what traffic is the vpn capturing and sending across?)
ASKER
I'm not sure. The configuration page for the VPN isn't too advanced, so I don't see any routing options.
I attached the configuration page; the only other options that we have (didn't fit in the image) are Aggressive mode and NetBIOS name.
VPN-Settings.jpg
I've used the same Linksys in a Linksys-to-ASA setup for VPN. Once the Linksys has the destination subnet defined, everything other than that defined subnet should go across the local Linksys internet connection.
As a test, try changing the remote site's Linksys DNS settings (in the DHCP setup options) away from its IP and, instead, use the IP addresses of the DNS servers.
ASKER
Are you talking about the LAN DHCP settings for the clients? I had that thought this morning, and I will have to try it out.
ASKER
Just looked at the router at the remote site and it appears my boss already tried that yesterday with no success.
Then something else is going on here.... With the VPN connected, can the remote users access anything on the internet without hopping through the main site?
Tracert something to see where it's flowing.
Put the local LAN DHCP DNS servers back to the public DNS (or even use OpenDNS servers instead of the ones you were given). Try running nslookup, tracert the servers, etc. What results do you get? The VPN as defined should only be capturing traffic bound to the other 192.168.subnet.
Can you provide samples of tracerts with the VPN up and with it down?
Also, consider just simply resetting the router to factory default and recreating the VPN. Should only take 10 minutes. Sometimes, with Linksys, this fixes a lot.
ASKER
We swapped out the switch feeding the router at the remote location and all is good.
Glad it's working.
ASKER
I am not sure why this would be closed when we did a workaround, which does fix the problem, but is not the solution we wanted. The router should be able to use the DNS that is external, but it didn't work, so this is a workaround. -r
What subnets are defined for the VPN tunnel at each site?
Is this your DNS server or a public DNS server you want to use?