Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 870
  • Last Modified:

Cisco Site to Site VPN - DNS

Hi guys,

I've got a query to do with DNS and Site to Site VPN involving a Cisco 877 and 887.

Here is a quick and basic rundown of the two sites:

Office A: - Main office
Cisco 877 -
Small Business Server 2011 (DHCP, DNS) -
4 Workstations

Office B:
Cisco 887 (DHCP, DNS) -
2 Workstations

The router at Office A has been in place for a couple of years now and running fine, the Small Business Server is doing all the usuals, DHCP & DNS etc...

The Cisco VPN Client & Windows VPN weren't ideal so we have decided to go for a permenant tunnel between both offices.

Today I configured the Cisco 887 at Office B, the VPN connection is up and running.

What I was hoping you guys could help me with is the DHCP & DNS for Office B.
Currently it is setup as following...

ip dhcp excluded-address
ip dhcp pool LAN_POOL
 import all
 domain-name domain.local
ip domain name domain.local
ip name-server 123.456.798.1
ip name-server 123.456.789.2
ip cef
no ipv6 cef

Open in new window

I want to make sure that a workstation at Office B looks directly out of the network for internet and only looks up the tunnel for devices and services in Office A. I understand the NAT governs this so should be fine? I'm slightly concerned that if the broadband was to go down at Office A that Office B will be without DNS...

I hope I'm being clear, and if you guys need any more of my config I'm happy to paste it in.

Many thanks in advance
  • 2
1 Solution
Ernie BeekCommented:
Looking at: dns-server, the clients get two DNS servers. The first at office A ( and the second is local at office b (
So Office B won't be without DNS when A goes down. There will be some delay because the clients will first try to query the DNS server at office A before trying the local DNS server.

You could set the local DNS server first and have a look at conditional DNS forwarding on the server .
systemagicAuthor Commented:
Thank you, this answers my question :)
Will do some testing.

Ernie BeekCommented:
My pleasure :)

Thx 4 the points.

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now