• Status: Solved
  • Priority: Medium
  • Security: Public

IPSec VPN and DNS Problem

Hello Experts,

I thought I would re-post my dilemma as no one seems to be responding to my last question.
In my previous post I asked the following:

I have successfully set up a site-to-site VPN with the spoke router being in my office and the hub being at my data centre. I'm using routers at both ends.
The spoke Cisco router (877) is connected to a Netgear router which is connected to the internet.
I'm able to ping the IP addresses of servers/workstations across the VPN at both locations. The problem is, I can't ping the NetBIOS name or hostname.
This is clearly a DNS problem but I'm unclear on how to configure the routers for DNS over an IPsec VPN.
I have attached the configs for both the spoke and hub.
Can someone please help me resolve this issue?

If someone could respond and follow through after answering that would be great.

As before I have attached the configs for the spoke and hub router.

Thanks in advance

Carlton
hub.txt
spoke.txt
Asked:
cpatte7372
 
Istvan Kalmar Commented:
Did you configure a WINS server on the clients?
 
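Istvan Kalmar Commented:
NetBIOS is an L2 protocol, so if you want to use it, please send the UDP 139 broadcast packets to the other end's broadcast address.

For example:

int fast 0
 ! relay the forwarded UDP broadcasts to the remote subnet's broadcast address
 ip helper-address 192.168.2.255
 ip directed-broadcast
!
! add NetBIOS session service (port 139) to the UDP protocols the helper forwards
ip forward-protocol udp netbios-ss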
 
cpatte7372 Author Commented:
ikalmar,

I don't use WINS. I use DNS

Are you saying I need to send a broadcast address across the vpn?

Cheers

Carlton
 
Istvan Kalmar Commented:
The DNS is working on L3 L2L VPN always...

But if you want to use NetBIOS you must forward the NetBIOS request to the other side, or use WINS.
 
cpatte7372 Author Commented:
Ikalmar,

When I originally asked the question I was given the following answer by a Guru, which makes sense but I don't know what exactly he meant:

Your spoke router DHCP is giving out DNS 90.207.239.x. That looks like a public DNS provided by your ISP. Unless that DNS has knowledge of your internal network, it cannot resolve your internal network names. Try to use 192.168.1.5 instead.

The problem of using 192.168.1.5 is that if the VPN is down, your spoke network will lose all DNS functionality.

Any ideas?

Cheers
 
Istvan Kalmar Commented:
Do you use a public DNS server?
 
cpatte7372 Author Commented:
Can anyone help me ????
 
cpatte7372 Author Commented:
Yes I do use a public DNS server?
 
Istvan Kalmar Commented:
Please use a local DNS server.
 
cpatte7372 Author Commented:
ikalmar,

Would you be able to take a look at the attached configs and show me?

Cheers

Carlton
 
Istvan Kalmar Commented:
OK, there are two ways: broadcast NetBIOS over the VPN, or configure a DNS server on a PC that is directly connected locally to your network!
 
decoleur Commented:
Do this: use a local DNS server as your primary and then the external DNS server as your secondary, that way names will initially try to resolve internally and if they are not available they will go out.

The issue is that IPsec VPN tunnels do not forward UDP broadcast traffic and that is the basis for the NetBIOS discovery protocol; this is why users set up DMVPN solutions that have IPsec encapsulated in GRE tunnels.

The quick change to your DNS will work and you won't have to reconfigure your tunnels to accommodate it.

regards,

-t
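The DNS ordering decoleur describes, as an added example (not taken from the thread or the attached configs): a DHCP pool on the spoke router that hands clients the internal DNS server first and the ISP resolver second. The pool name SPOKE-LAN, the 192.168.2.0/24 spoke LAN and the 192.168.2.1 gateway are assumptions; 192.168.1.5 and 90.207.239.x are the addresses quoted earlier in the thread, with the last octet left as it was given.

```cisco
! BEFORE (as described in the thread): clients receive only the ISP resolver,
! which has no records for internal hostnames.
! ip dhcp pool SPOKE-LAN
!  dns-server 90.207.239.x
!
! AFTER: internal DNS server first, ISP resolver second.
! SPOKE-LAN, the network and the default-router are assumed values.
ip dhcp pool SPOKE-LAN
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 192.168.1.5 90.207.239.x
!
! Verify from privileged EXEC mode:
!   show ip dhcp pool
!   show ip dhcp binding
! On a client, renew the lease, then query the internal server directly:
!   nslookup <internal-hostname> 192.168.1.5
```

Queries to 192.168.1.5 cross the tunnel only if the crypto ACL on both routers matches that traffic, and any lookup that falls through to the second server discloses the internal hostname to the ISP resolver.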
 
cpatte7372 Author Commented:
Thanks guys