cpatte7372
asked on
Cisco IPSec VPN and DNS Problem
Hello Experts,
I wonder if you can help me?
I have successfully set up a site-to-site VPN with the spoke router being in my office and the hub being at my data centre. I'm using routers at both ends.
The spoke Cisco router (877) is connected to a Netgear router which is connected to the internet.
I'm able to ping the IP addresses of servers/workstations across the VPN at both locations. The problem is, I can't ping the NetBIOS name or hostname.
This is clearly a DNS problem but I'm unclear on how to configure the routers for DNS over an IPsec VPN.
I have attached the configs for both the spoke and hub.
Can someone please help me resolve this issue?
Cheers
Carlton
spoke.txt
hub.txt
ASKER
GuruChiu
Thanks for getting back to me.
You mentioned using 192.168.1.5. Can you explain why that IP address? Did you mean 192.168.0.5?
Cheers
Carlton
ASKER
GuruChiu,
I inserted in the ip address of 192.168.05 and still no luck. Can you assist me further?
Cheers
If any other expert has any ideas it would be very much welcomed
ASKER
GuruChiu,
I have now changed the configuration on the spoke to look like the following:
ip dhcp pool dhcppool
 import all
 network 192.168.2.0 255.255.255.0
 default-router 192.168.0.5
 dns-server 192.168.0.5
!
!
ip cef
no ip domain lookup
ip domain name keyloop.com
ip name-server 192.168.0.5
no ipv6 cef
!
However, I still can't ping the hostname from my workstations at the hub!
(as a matter of fact I can't ping anything with the above amendment)
Any further suggestions?
Cheers
Carlton
For your hub configuration, it seems that your HQ is using DNS 192.168.1.5. It is not 192.168.0.5. Your default-router should be 192.168.2.1.
I looked at your spoke configuration further. You have a strange way of doing it. It looks like you only have a WiFi connection on the inside, and an Ethernet connection to the Netgear on the outside. You do not have inside wired Ethernet. Is this correct?
ASKER
Hi GuruChiu,
Thanks for getting back to me.
You are correct, I do not have inside wired Ethernet.
I will try the configuration with 192.168.1.5 as you suggested and see if that works. Hopefully, you will still be online when I come back in 15 mins.
Cheers
Carlton
ASKER
GuruChiu,
I'm still a little confused, are you saying I should configure my spoke with 192.168.1.5 as the DNS?
ASKER
OK Guru,
It worked from the spoke. Can you let me know what is needed for me to ping the hostname from the hub?
Cheers
ASKER
I guess the question is why is it that I can ping the hostname of the workstation attached to the hub with IP address 192.168.1.5 but can't ping the workstation attached to the spoke with IP address 192.168.2.6, when all I changed on the spoke was:
ip dhcp pool dhcppool
 import all
 network 192.168.2.0 255.255.255.0
 default-router 192.168.0.5
 dns-server 192.168.1.5 (that used to be 90.207.238.x)
!
Can someone please tell me what other changes I need to make in order to be able to ping the hostname of the workstation attached to the spoke?
Cheers
Carlton
Are you able to ping hub hosts using host name from the spoke?
What do you mean by "ping the hostname from the hub"? Do you mean ping hub hosts using host name from the hub, or spoke hosts using host name from the hub?
ASKER
GuruChiu,
I can ping hub hostnames from workstation connected to the spoke. Thank you.
I now would like to ping spoke hostnames from workstations connected to the hub. Any ideas?
Chee
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thanks for your help. Your solution fixed the issue.
The problem with using 192.168.1.5 is that if the VPN is down, your spoke network will lose all DNS functionality.
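An added example (not part of the thread or any poster's code): a small Python check for the two DHCP pool mistakes raised above, a default-router outside the pool's own network and a DNS server list that is reachable only through the tunnel. The hub LAN prefix 192.168.1.0/24 and the function names are assumptions; the sample config is constructed from the pool posted in the thread.

```python
import ipaddress

# Constructed sample: the spoke DHCP pool as posted in the thread.
SPOKE_CONFIG = """\
ip dhcp pool dhcppool
 import all
 network 192.168.2.0 255.255.255.0
 default-router 192.168.0.5
 dns-server 192.168.1.5
!
"""
# Assumption: the hub LAN behind the tunnel is 192.168.1.0/24.
TUNNEL_NETS = [ipaddress.ip_network("192.168.1.0/24")]


def parse_dhcp_pools(config):
    """Map each 'ip dhcp pool' name to its network, routers and DNS servers."""
    pools, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            current = None  # '!' (or a blank line) closes the pool block
        elif words[:3] == ["ip", "dhcp", "pool"] and len(words) == 4:
            current = pools.setdefault(
                words[3], {"network": None, "routers": [], "dns": []})
        elif current is not None and words[0] == "network" and len(words) >= 3:
            # Accepts both 'A.B.C.D MASK' and 'A.B.C.D /LEN' forms.
            current["network"] = ipaddress.ip_network(f"{words[1]}/{words[2].lstrip('/')}")
        elif current is not None and words[0] in ("default-router", "dns-server"):
            key = "routers" if words[0] == "default-router" else "dns"
            current[key] += [ipaddress.ip_address(w) for w in words[1:]]
    return pools


def audit_pools(config, tunnel_nets=TUNNEL_NETS):
    """Return findings for the two mistakes discussed in this thread."""
    findings = []
    for name, pool in parse_dhcp_pools(config).items():
        for gw in pool["routers"]:
            if pool["network"] and gw not in pool["network"]:
                findings.append(f"{name}: default-router {gw} is outside {pool['network']}")
        dns = pool["dns"]
        if dns and all(any(d in n for n in tunnel_nets) for d in dns):
            findings.append(f"{name}: every dns-server is only reachable through the VPN")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_pools(SPOKE_CONFIG)))
```

Both findings clear once the pool uses `default-router 192.168.2.1` and lists a second `dns-server` address that does not depend on the tunnel.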