Ashleigh_
asked on
ASA 5505 DNS not working over VPN
I have an ASA 5505 at home. I can RDP to any PC by name when at home. When I am at work and VPN in, I cannot RDP by name. I have to use the IP address. I don't have a DNS server at home. I just have 3 PCs and the ASA. I'm using the Cisco VPN Client to connect.
ASKER
They are not on a domain.
If they are not on a domain, then you will not be able to address the remote computers by name as there is no central database where name resolution is kept.
You are able to connect to peered machines on the local network because of NetBIOS. See: http://technet.microsoft.com/en-us/library/bb727005.aspx#EEAA & "Host Name Resolution Process" in specific.
Get a DNS server or add manual entries in the lmhosts file for Name->IP resolution on the VPN client.
Okay, I misread your question.
You want to connect to other local computers when VPNed in to the office.
What version of Cisco VPN Client are you using? Cisco VPN Client 4.6 has some known issues with split-tunneling and name resolution.
Wow, bad day for me..
You have an ASA at home, and you VPN into that from work. You cannot connect via name from work to home machines (IP address works.)
I fall back to my original: Get a DNS server or add manual entries in the hosts file for Name->IP resolution on the VPN client.
Specifying the Primary and Secondary Servers
Before establishing a connection with an Easy VPN hardware client, you must specify the IP address of an Easy VPN server to which it will connect. Any ASA can act as an Easy VPN server, including another ASA 5505 configured as a headend, a VPN 3000 Series Concentrator, an IOS-based router, or a firewall.
The ASA 5505 Client always tries to set up the tunnel to the headend primary VPN server. If unable to set up the tunnel to the primary server, it tries the connection to the secondary_1 VPN server, and then sequentially down the list of VPN servers at 8 second intervals. If the setup tunnel to the secondary_1 server fails, the primary comes online during this time, and the ASA proceeds to set up the tunnel to the secondary_2 VPN server.
Use the vpnclient server command in global configuration mode, as follows:
[no] vpnclient server ip_primary [ip_secondary_1...ip_secondary_10]
no removes the command from the running configuration.
ip_primary_address is the IP address or DNS name of the primary Easy VPN server.
ip_secondary_address_n (Optional) is a list of the IP addresses or DNS names of up to ten backup Easy VPN servers. Use a space to separate the items in the list.
For example, enter the following command to configure a VPN client to use Easy VPN Server 10.10.10.15 as the primary server, and 10.10.10.30 and 192.168.10.45 as alternate servers:
hostname(config)# vpnclient server 10.10.10.15 10.10.10.30 192.168.10.10
hostname(config)#
If it's just a couple of machines at home, and you only access them from your machine, put their names and IP addresses in your host file?
ASKER
Is there software I can install on my PC at home that will work as a DNS server?
I can add it to my host file but the IP addresses always change on the PCs at home. That's why I want to RDP by name because I can never find the PC by IP address.
Can I make the PCs always have the same IP?
ASKER CERTIFIED SOLUTION
ASKER
Ok I set the IPs on all the PCs. It works great! I will add them to the host file too. This will make it much easier.
Thanks!
ASKER
Issue resolved.
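The hosts-file fix this thread settles on, as an added example that is not code from any poster: a Python helper that rewrites hosts-file text so each home PC name maps to its static IP exactly once and lines left over from old DHCP leases are removed. The PC names, addresses and the sample file are constructed; on the VPN client the result would be written to the Windows hosts file, which needs administrator rights.

```python
import ipaddress
import re

# Constructed sample data: hypothetical home PC names with their static IPs.
HOME_PCS = {"den-pc": "192.168.1.10", "office-pc": "192.168.1.11"}

# Constructed sample of an existing hosts file on the VPN client.
SAMPLE_HOSTS = (
    "# Constructed sample hosts file\n"
    "127.0.0.1 localhost\n"
    "192.168.1.57 den-pc   # old DHCP lease\n"
    "192.168.1.58 OFFICE-PC printer\n"
)

# One host-name label; rejects whitespace and '#', which would corrupt a line.
_LABEL = re.compile(r"[A-Za-z0-9_-]{1,63}")


def merge_hosts(text, mappings):
    """Return hosts-file text holding exactly one entry per managed name."""
    wanted = {}
    for name, ip in mappings.items():
        if not all(_LABEL.fullmatch(label) for label in name.split(".")):
            raise ValueError(f"invalid host name: {name!r}")
        # ip_address() raises ValueError on anything that is not a literal IP.
        wanted[name.lower()] = str(ipaddress.ip_address(ip))

    kept = []
    for line in text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        names = fields[1:]
        if not any(n.lower() in wanted for n in names):
            kept.append(line)  # comment, blank or unmanaged entry: keep verbatim
            continue
        others = [n for n in names if n.lower() not in wanted]
        if others:  # unmanaged names sharing the line keep their old address
            kept.append(" ".join([fields[0], *others]) + (f" #{comment}" if sep else ""))
        # a line naming only managed hosts is dropped, removing the stale IP
    kept += [f"{ip}\t{name}" for name, ip in sorted(wanted.items())]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    print(merge_hosts(SAMPLE_HOSTS, HOME_PCS), end="")
```

Running it twice on the same file gives the same text, so it can be re-run whenever a PC's static address is changed.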
Try the FQDN of the machine, otherwise you need to add the domain via the VPN Policy to auto-append a DNS suffix.
i.e. machine1.mydomain.local