Solved

VPN over 2 different ISPs and DNS is not working

Posted on 2009-05-20
16
238 Views
Last Modified: 2012-05-07
We have 2 offices and both have different ISPs.  We set up a VPN between both offices but when the VPN Tunnel is enabled DNS will not work in the remote office unless we use the main office's router IP as the DNS (therefore forcing resolution over the VPN).  But, if we turn the tunnel off, local DNS works fine.  We only have this issue in the remote office.

We tested the same router that was in the trouble location on a connection from the same ISP that we have in our main office and it works fine, no DNS issues.

What are we doing wrong?

The routers are Linksys RVS4000's running 1.2.10 firmware.
0
Comment
Question by:JALeeIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
16 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 24432245
I would begin by making note of the DNS servers you use at the remote site.  What is the Pri and sec at the remote, and at the primary site?  

What subnets are defined for the VPN tunnel at each site?  

Is this your DNS server or a public DNS server you want to use?  

0
 

Author Comment

by:JALeeIT
ID: 24432335
subnets at each side are 192.168.6.0 for the main site, and 192.168.3.0 for remote site.
The DNS Servers at both sites are public DNS servers given to us by our ISPs.  So at our main site it's Cablevision DNS, and at our remote site it's TowerStream DNS.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24432468
What traffic do you have defined for the VPN?   (what traffic is the vpn capturing and sending across?)
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:JALeeIT
ID: 24432609
I'm not sure.  The configuration page for the VPN isnt too advanced, so i don't see any routing options.
I attached the configuration page, the only other options that we have (didnt fit in the image) is Agressive mode and NetBIOS name.

VPN-Settings.jpg
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24432653
I've used the same linksys in a linksys to ASA setup for VPN.   Once the Linksys has the destination subnet defined, everything other than that defined subnet should go across the local linksys internet connection.    

As a test, try changing the remote site's linksys DNS settings ( in the DHCP setup options) away from its ip and, instead, use the IP addresses of the DNS servers.    

0
 

Author Comment

by:JALeeIT
ID: 24433362
are you talking about the LAN DHCP settings for the clients?  I had that thought this morning, and I will have to try it out.
0
 

Author Comment

by:JALeeIT
ID: 24433444
just looked at the router at the remote site and it appears my boss already tried that yesterday with no success.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24433649
Then something else is going on here....     With the VPN connected, can the remote users access anything on the internet without hopping through the main site?  

Tracert something to see where it's flowing.  

Put the local LAN DHCP DNS servers back to the public DNS (or even use openDNS servers instead of the ones you were given).   Try running nslookup, tracert the servers, etc....    What results do you get?   The VPN as defined should only be capturing traffic bound to the other 192.168.subnet.  

CAn you provide samples of tracerts with vpn up and with it down?  

Also, consider just simply resetting the router to factory default and recreating the VPN.   Should only take 10 minutes.     Sometimes, with Linksys, this fixes alot.  

0
 

Author Comment

by:JALeeIT
ID: 24592929
We swapped out the switch feeding the router at the remote location and all is good.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24603532
glad its working.
0
 

Accepted Solution

by:
JALeeIT earned 0 total points
ID: 24603965
I am the manager for the employee that posted the questions, the info is not exactly correct on how we fixed it, and does not explain what we really did to fix it. We added another router to the system with an additional static IP from the ISP. We pointed the DNS of the new router to the ISP's DNS [which did not work from the first router] we pointed the first routers DNS to the NEW Addiitonal router IP and that fixed it. Very weird. :) -richie einhorn IT
 
0
 

Author Comment

by:JALeeIT
ID: 24636923
I am not sure why this would be closed when we did a work around, which does fix the problem, but is not the solution we wanted. ? The router should be able to use the DNS that is external, but it didn't work, so this is a work around. -r
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question