Mach03
DNS issue with VPN clients
I have a Linksys RVS4000 VPN router that is working great. I have the internal clients set up as 10.0.0.10-xx but I'm not 100% sure I have the VPN clients set up correctly. It looks as though the VPN clients are set up as pass-through and not granted an internal IP? Could that be right?
The client account can connect through vpn successfully, but I cannot ping the server by name, only by IP address. So I have a DNS issue here. Does anyone have any steps to successfully set the vpn clients correctly or have an idea as to what I missed?
I just looked and it's set to "gateway" mode and not router....
Thanks
For clients there is no "pass-thru" mode at all. A client will always receive an IP address from the VPN server/device; the same with DNS server addresses and DNS suffixes. Depending on the VPN Client you are using, and some settings on the client, remote DNS is used or not.
Main issue with Windows: You can only use a single DNS server. So either the remote DNS server is used for resolving all names, or your local one (from ISP).
Name resolution is done best by using a WINS server (and propagating its IP to the client). The WINS server integrates with DNS, and is able to resolve NetBIOS names without need to apply DNS suffixes, which are different in most cases for your office and home.
Whatsoever, you can see DNS, IP and WINS settings while connected by issuing ipconfig /all in a command prompt.
"The client account can connect through vpn successfully, but I cannot ping the server by name, only by IP address"
1) Is your client computer a member of the same domain? If not, then how you will be able
2) When you are at a remote location, try to connect VPN, you will get IP, Subnet and Gateway from your office but without "DNS", but if you look closely before connecting VPN you have IP and DNS setting on your client computer (regardless of whether your computer is a member of the Domain or not), and you will put local ISP DNS server address in your DNS setting and connect to VPN the first DNS will be your static DNS (ISP DNS) so in any case you should not be able to ping your server in your domain unless you get DNS from your office (you can try adding server host names manually).
I also agree with Qlemo, WINS can resolve your issue.
I WANT TO CLARIFY
"you should not be able to ping your server in your domain unless you get DNS from your office (you can try adding server host names manually)"
this means ping using hostname,
ASKER
I understand what you're saying and that makes sense, but I fear that I may have a configuration issue with the VPN router. I've never set up a RVS400 before.
At the client BEFORE I connect, I run ipconfig /all at a remote location (home dsl):
C:\Documents and Settings\Tom>ipconfig /all
--------------------------
Windows IP Configuration
Host Name . . . . . . . . . . . . : usergw
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.actdsltmp
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Intel(R) 82566MC Gigabit Network Connection
Physical Address. . . . . . . . . : xx-xx-xx-xx
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.202
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Wednesday, May 18, 2011 3:08:14 PM
--------------------------
Then I connect with the Linksys Quick Connect with the option "use remote DNS server" checked.
--------------------------
C:\Documents and Settings\Tom>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : usergw
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cisco
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Intel(R) 82566MC Gigabit Network Connection
Physical Address. . . . . . . . . : xx-xx-xx-xx
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.202
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.10
192.168.0.1
Lease Obtained. . . . . . . . . . : Wednesday, May 18, 2011 3:08:53 PM
Lease Expires . . . . . . . . . . : Thursday, May 19, 2011 3:08:53 PM
--------------------------
Really the only thing that changed was the primary DNS; it was changed to 10.0.0.10, which is the IP of the DNS server. However, the IP address is still the same. Should this have changed to an IP address used within the domain?
Also, I did install Wins on the dns server, but still can't ping the "server" hostname, just the IP address.
Does this seem correct?
It's correct. May I know why you want name resolution via hostname?
WINS is only used if it is part of your IP config. According to ipconfig, it is not, so no wonder about it having no effect.
You might see that your overall domain suffix changed. What is strange (to me) is that there is only the new DNS suffix "cisco" in that config, not the local one, "domain.actdsltmp". On the other hand, that might be correct with the Linksys VPN client.
Try to issue
nslookup «hostname».cisco 10.0.0.10
if that resolves correctly,
nslookup «hostname» 10.0.0.10
The former will show if the DNS server knows the hostname in conjunction with the correct domain suffix, the latter if DNS suffixes are appended correctly.
Then hard-code the WINS server into your LAN IP config, and try again to reach by hostname.
If you want to make a long story short, the common way to maintain hostnames is to put the most important ones into your local hosts file in %SystemRoot%\system32\drivers\etc.
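Added example (not part of the thread and not any poster's code): a small Python parser for `ipconfig /all` output that reports the two things checked above, namely which DNS server is queried first and whether any WINS server is in the IP config, and lists the names a short hostname expands to under the suffix search list. The sample text is constructed from the asker's post-connect output, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the asker's post-connect `ipconfig /all` output.
SAMPLE = """\
Windows IP Configuration
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : cisco
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : domain.actdsltmp
   IP Address. . . . . . . . . . . . : 192.168.0.202
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       192.168.0.1
"""

# The colon must follow a space or dot, so adapter headers and IPv6 values do not match.
KEY_VALUE = re.compile(r"^\s*(.*?)[ .]+:\s*(.*)$")

def parse_ipconfig(text):
    """Return {section: {key: [values]}}, folding continuation lines into the previous key."""
    sections, fields, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"-", " "}:
            continue                          # blank lines and dash separators
        m = KEY_VALUE.match(line)
        if m and fields is not None:
            key = m.group(1)
            fields[key] = [m.group(2)] if m.group(2) else []
        elif key is not None and not line.endswith(":"):
            fields[key].append(line)          # e.g. the second DNS server
        else:
            fields, key = sections.setdefault(line.rstrip(":"), {}), None
    return sections

def findings(text, internal_dns):
    """List the name-resolution problems discussed in the thread."""
    out = []
    for name, fields in parse_ipconfig(text).items():
        dns = fields.get("DNS Servers", [])
        if dns and dns[0] != internal_dns:
            out.append(f"{name}: first DNS server is {dns[0]}, not {internal_dns}")
        if dns and not any("WINS Server" in k for k in fields):
            out.append(f"{name}: no WINS server in the IP configuration")
    return out

def lookup_names(text, host):
    """Names tried for a short hostname, per the global DNS suffix search list."""
    glob = parse_ipconfig(text).get("Windows IP Configuration", {})
    return [f"{host}.{s}" for s in glob.get("DNS Suffix Search List", [])]
```

The names returned by `lookup_names` are the ones to pass to the first nslookup test, against the internal DNS server.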
ASKER
I understand what you are saying and I think I have some sort of ACL or port issue. After I connect with the QuickVPN, and run nslookup domain=denver
I receive "Can't find server name for address 10.0.0.10: Non-existent domain"
However, .10 is the domain controller. But I can ping .10, just not resolve the name. Could this also be a permission issue?
My dear, don't confuse yourself.
Hostname resolution (name server lookup using hostname) can only be possible if you have a DNS server in place + your DNS server has an A record of the name server you are trying to ping/resolve.
In your case you have your router as gateway + DNS server, that's why you are unable to resolve the name server using hostname.
Hi,
As I have told you in my first message, this DNS address has been pushed to the VPN client from the VPN server. So you'll need to configure the VPN here and you have to set the DNS to your internal one so that it will push your inside DNS to clients.
It is easy and it is at the first Page of VPN configuration on RV400 on "Remote Group Setup".
Cheers,
K.
ASKER
Thank you Syed and KeremE for keeping me on track and you're both right, it's the DNS setting. In your example above, 182.168.20.33 is your internal DNS server, right?
ASKER
What if these VPN clients aren't a member of the domain? How can I set them up to use the internal DNS server, but not have to join them to the domain?
... or if you can change that settings on a (virtual) network card's TCP/IP setting manually.
DNS setting resides with the server. So you should add DNS server that your clients will use on connection. This is not a clientside setting.
Cheers,
K.