Solved

IPSec Site-to-Site VPN DNS resolving issues

Posted on 2011-09-15
Last Modified: 2012-05-12
Experts,

I'm having a bit of a strange problem.  I've recently stood up a site-to-site VPN between two sites with static IPs.  Both sites are using a Cisco RVS4000, and the VPN came up with no issues.

Now that the VPN is up, I'm having DNS issues.  On the remote end, I have clients set to use the DNS server in the primary site.

I can hit the server via its internal IP, but whenever I try and resolve any host names, DNS is returning the external IP address of the primary site.

I've flushed the DNS cache on all sides, and made sure that the internal IP is the only thing supplying clients with DNS addresses - but unfortunately - I'm still looking at my external IP whenever I try to resolve internal host names through the VPN.

I haven't seen something like this before, so anybody that has any insight - it would be more than welcome.
Question by:usslindstrom

Expert Comment

by:Papertrip
ID: 36546760
What software are you running for your DNS server?  Does this all resolve correctly on the primary side?  Do you have separate internal and external zones?

Need more info.

Author Comment

by:usslindstrom
ID: 36546773
Primary site is AD.  DNS server is also a DC.

Primary site works fine.

No separate internal or external zones, only internal.  External DNS is being handled by www name provider.

Both sites were previously using a GRE tunnel (Cisco 2600s) but were recently upgraded to the small business router (RVS4000) that only supports IPSec tunnels.  In the router upgrade, it was planned to redo the servers on the remote site as well, but we've made it to the point where we're at now with this DNS problem.

Accepted Solution

by:usslindstrom
ID: 36546951
Disregard.  A network adapter on the unit (even though disabled) had entries in its DNS fields.

For some reason, these were causing the problems, and after they were removed - everything worked as intended.

Author Closing Comment

by:usslindstrom
ID: 36565547
Solution required editing disabled NIC and removing DNS entries.
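
The accepted fix above, turned into a repeatable check (an added example, not part of the original thread): it reads the per-interface TCP/IP registry keys so that DNS servers stored on disabled adapters are listed too. It assumes the affected unit is a Windows host running Windows PowerShell; the variable names and report columns are illustrative.

```powershell
# Added example: list DNS servers stored for every TCP/IP interface,
# including adapters that are currently disabled.
# Assumption: Windows host, Windows PowerShell (Get-WmiObject available).

$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Map interface GUID -> adapter object so each registry key can be tied
# to a connection name and its enabled/disabled state.
$adapters = @{}
Get-WmiObject Win32_NetworkAdapter |
    Where-Object { $_.GUID } |
    ForEach-Object { $adapters[$_.GUID.ToUpper()] = $_ }

$report = foreach ($key in Get-ChildItem $ifRoot) {
    $guid   = $key.PSChildName.ToUpper()
    $props  = Get-ItemProperty -Path $key.PSPath
    $static = $props.NameServer       # statically configured DNS servers
    $dhcp   = $props.DhcpNameServer   # DNS servers last learned via DHCP

    # Skip interfaces that carry no DNS configuration at all.
    if (-not $static -and -not $dhcp) { continue }

    $nic = $adapters[$guid]
    New-Object PSObject -Property @{
        Adapter   = if ($nic) { $nic.NetConnectionID } else { '(no matching adapter)' }
        Enabled   = if ($nic) { $nic.NetEnabled } else { $null }
        StaticDns = $static
        DhcpDns   = $dhcp
        Guid      = $guid
    }
}

# Full picture: every interface that has DNS servers recorded.
$report | Sort-Object Adapter |
    Format-Table Adapter, Enabled, StaticDns, DhcpDns -AutoSize

# The case from this thread: static DNS entries left on an adapter
# that is not enabled.
$report | Where-Object { $_.Enabled -ne $true -and $_.StaticDns } |
    Format-Table Adapter, StaticDns, Guid -AutoSize
```

Any row in the second table is a candidate for the cleanup described in the accepted solution: open that adapter's TCP/IP properties and clear its DNS server fields.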