Solved

IPSec Site-to-Site VPN DNS resolving issues

Posted on 2011-09-15
Last Modified: 2012-05-12
Experts,

I'm having a bit of a strange problem.  I've recently stood up a site-to-site VPN between two sites with static IPs.  Both sites are using a Cisco RVS4000, and the VPN came up with no issues.

Now that the VPN is up, I'm having DNS issues.  On the remote end, I have clients set to use the DNS server in the primary site.

I can hit the server via its internal IP, but whenever I try and resolve any host names, DNS is returning the external IP address of the primary site.

I've flushed the DNS cache on all sides, and made sure that the internal IP is the only thing supplying clients with DNS addresses - but unfortunately - I'm still looking at my external IP whenever I try to resolve internal host names through the VPN.

I haven't seen something like this before, so anybody that has any insight - it would be more than welcome.
Question by:usslindstrom

Expert Comment

by:Papertrip
ID: 36546760
What software are you running for your DNS server?  Does this all resolve correctly on the primary side?  Do you have separate internal and external zones?

Need more info.

Author Comment

by:usslindstrom
ID: 36546773
Primary site is AD.  DNS server is also a DC.

Primary site works fine.

No separate internal or external zones, only internal.  External DNS is being handled by www name provider.

Both sites were previously using a GRE tunnel (Cisco 2600s) but were recently upgraded to the small business router (RVS4000) that only supports IPSec tunnels.  In the router upgrade, it was planned to redo the servers on the remote site as well, but we've made it to the point where we're at now with this DNS problem.

Accepted Solution

by:usslindstrom
ID: 36546951
Disregard.  A network adapter on the unit (even though disabled) had entries in its DNS fields.

For some reason, these were causing the problems, and after they were removed - everything worked as intended.

Author Closing Comment

by:usslindstrom
ID: 36565547
Solution required editing disabled NIC and removing DNS entries.
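
The fix above came down to DNS entries left behind on a disabled adapter. As an added example (not part of the original thread), assuming the unit is a Windows host and using the constructed placeholder 192.0.2.10 for the internal DNS server, this PowerShell lists the DNS servers stored in the registry for every interface, enabled or not, and flags any that are not on the expected list:

```powershell
# Added example, not from the thread. Audits stored DNS servers on ALL adapters.
# Assumption: $AllowedDns holds the internal DNS server(s); 192.0.2.10 is a placeholder.
param(
    [string[]]$AllowedDns = @('192.0.2.10')
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Map interface GUID -> adapter object, to get the friendly name and enabled state.
$adapters = @{}
Get-CimInstance -ClassName Win32_NetworkAdapter |
    Where-Object { $_.GUID } |
    ForEach-Object { $adapters[$_.GUID.ToUpper()] = $_ }

$findings = foreach ($key in Get-ChildItem -Path $base) {
    $guid  = $key.PSChildName.ToUpper()
    $props = Get-ItemProperty -Path $key.PSPath
    $nic   = $adapters[$guid]

    # NameServer = statically configured, DhcpNameServer = learned from DHCP.
    foreach ($source in 'NameServer', 'DhcpNameServer') {
        $raw = $props.$source
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        # Entries may be comma- or space-separated; split on both.
        foreach ($server in ($raw -split '[,\s]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Adapter    = if ($nic) { $nic.NetConnectionID } else { '(no adapter object)' }
                Enabled    = if ($nic) { [bool]$nic.NetEnabled } else { $false }
                Source     = $source
                DnsServer  = $server
                Unexpected = $AllowedDns -notcontains $server
                Guid       = $guid
            }
        }
    }
}

# Unexpected entries sort to the top; rows with Enabled = False are the case from this thread.
$findings | Sort-Object Unexpected, Enabled -Descending | Format-Table -AutoSize
```

Rows with `Unexpected` set to True on a disabled adapter are the leftover entries to clear in that adapter's TCP/IP properties.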