cpatte7372
asked on
IPSec VPN and DNS Problem
Hello Experts,
I thought I would re-post my dilemma as no one seems to be responding to my last question.
In my previous post I asked the following:
I have successfully set up a site-to-site VPN with the spoke router being in my office and the hub being at my data centre. I'm using routers at both ends.
The spoke Cisco router (877) is connected to a Netgear router which is connected to the internet.
I'm able to ping the IP addresses of servers/workstations across the VPN at both locations. The problem is, I can't ping the NetBIOS name or hostname.
This is clearly a DNS problem but I'm unclear on how to configure the routers for DNS over an IPsec VPN.
I have attached the configs for both the spoke and hub.
Can someone please help me resolve this issue?
If someone could respond and follow through after answering that would be great.
As before I have attached the configs for the spoke and hub router.
Thanks in advance
Carlton
hub.txt
spoke.txt
Did you configure a WINS server on the clients?
NetBIOS is an L2 protocol, so if you want to use it, please send the UDP 139 broadcast packets to the other end's broadcast address
for example:
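int fast 0
 ! forward UDP broadcasts received on this interface to the remote subnet broadcast address
 ip helper-address 192.168.2.255
 ip directed-broadcast
!
! include UDP port 139 (netbios-ss) in the forwarded broadcasts
ip forward-protocol udp netbios-ss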
ASKER
ikalmar,
I don't use WINS. I use DNS.
Are you saying I need to send a broadcast address across the VPN?
Cheers
Carlton
The DNS is always working on an L3 L2L VPN...
But if you want to use NetBIOS you must forward the NetBIOS request to the other side, or use WINS
ASKER
Ikalmar,
When I originally asked the question I was given the following answer by a Guru, which makes sense but I don't know what exactly he meant:
Your spoke router DHCP is giving out DNS 90.207.239.x. That looks like a public DNS provided by your ISP. Unless that DNS has knowledge of your internal network, it cannot resolve your internal network names. Try to use 192.168.1.5 instead.
The problem with using 192.168.1.5 is that if the VPN is down, your spoke network will lose all DNS functionality.
Any ideas?
Cheers
Do you use a public DNS server?
ASKER
Can anyone help me?
ASKER
Yes, I do use a public DNS server.
Please use a local DNS server.
ASKER
ikalmar,
Would you be able to take a look at the attached configs and show me?
Cheers
Carlton
ASKER
Thanks guys