Cisco Site to Site VPN - DNS

Hi guys,

I've got a query to do with DNS and Site to Site VPN involving a Cisco 877 and 887.

Here is a quick and basic rundown of the two sites:

Office A: - Main office
Cisco 877 - 192.168.1.1
Small Business Server 2011 (DHCP, DNS) - 192.168.1.2
4 Workstations

Office B:
Cisco 887 (DHCP, DNS) - 192.168.21.1
2 Workstations

The router at Office A has been in place for a couple of years now and running fine, the Small Business Server is doing all the usuals, DHCP & DNS etc...

The Cisco VPN Client & Windows VPN weren't ideal so we have decided to go for a permanent tunnel between both offices.

Today I configured the Cisco 887 at Office B, the VPN connection is up and running.

What I was hoping you guys could help me with is the DHCP & DNS for Office B.
Currently it is set up as follows...

ip dhcp excluded-address 192.168.21.1 192.168.21.10
!
ip dhcp pool LAN_POOL
 import all
 network 192.168.21.0 255.255.255.0
 domain-name domain.local
 dns-server 192.168.1.2 192.168.21.1
 default-router 192.168.21.1
 netbios-name-server 192.168.1.2
!
!
ip domain name domain.local
ip name-server 123.456.798.1
ip name-server 123.456.789.2
ip cef
no ipv6 cef
!


I want to make sure that a workstation at Office B looks directly out of the network for internet and only looks up the tunnel for devices and services in Office A. I understand the NAT governs this so should be fine? I'm slightly concerned that if the broadband was to go down at Office A that Office B will be without DNS...

I hope I'm being clear, and if you guys need any more of my config I'm happy to paste it in.

Many thanks in advance
Asked by: systemagic
 
Ernie Beek Commented:
Looking at: dns-server 192.168.1.2 192.168.21.1, the clients get two DNS servers. The first is at Office A (192.168.1.2) and the second is local at Office B (192.168.21.1).
So Office B won't be without DNS when A goes down. There will be some delay because the clients will first try to query the DNS server at Office A before trying the local DNS server.

You could set the local DNS server first and have a look at conditional DNS forwarding on the server.
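
The resolver ordering discussed in the answer above can be checked directly from the router configuration. This is an added example in Python, not part of the original thread: `parse_dhcp_pools` and `audit_dns_order` are hypothetical helper names, and the sample input is the DHCP pool from the question.

```python
import ipaddress

# Constructed sample: the Office B DHCP pool as posted in the question.
SAMPLE_CONFIG = """\
ip dhcp excluded-address 192.168.21.1 192.168.21.10
!
ip dhcp pool LAN_POOL
 import all
 network 192.168.21.0 255.255.255.0
 domain-name domain.local
 dns-server 192.168.1.2 192.168.21.1
 default-router 192.168.21.1
 netbios-name-server 192.168.1.2
!
"""

def parse_dhcp_pools(config):
    """Return {pool_name: {"network": IPv4Network, "dns": [IPv4Address, ...]}}."""
    pools, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("ip dhcp pool ") and len(words) == 4:
            current = pools.setdefault(words[3], {"network": None, "dns": []})
        elif not line.startswith(" "):
            current = None  # any unindented line ends the pool stanza
        elif current is not None and words[:1] == ["network"] and len(words) >= 3:
            # Accept both "255.255.255.0" and "/24" forms of the mask.
            current["network"] = ipaddress.ip_network(f"{words[1]}/{words[2].lstrip('/')}")
        elif current is not None and words[:1] == ["dns-server"]:
            current["dns"] = [ipaddress.ip_address(w) for w in words[1:]]
    return pools

def audit_dns_order(pool):
    """Classify each resolver as on-link or remote and flag risky orderings."""
    net, findings = pool["network"], []
    order = [(str(ip), "local" if net and ip in net else "remote") for ip in pool["dns"]]
    kinds = [kind for _, kind in order]
    if "local" not in kinds:
        findings.append("no on-link resolver: DNS is lost if the tunnel or remote site is down")
    elif kinds[0] == "remote":
        findings.append("remote resolver is tried first: lookups wait for it to time out during an outage")
    return order, findings
```

Run against the posted pool, the audit reports 192.168.1.2 as a remote resolver in first position, which is the delay the answer describes; with the two addresses swapped it reports nothing.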
 
systemagic (Author) Commented:
Thank you, this answers my question :)
Will do some testing.

Cheers
 
Ernie Beek Commented:
My pleasure :)

Thx 4 the points.