DNS and DC issues
This is my issue: I have a 2 domain controllers, NSCA-DC and NSCA-Files. NSCA-DC is a VM in hypervisor and is my primary DC. Additionally they are both my DNS servers. DNS is resolving for my internal network with no problems. When people VPN in from outside our network my internal server’s names are not resolved. My router is managed by our ISP, but connected to it is a Cisco ASA that is used as a VPN concentrator. I can control its settings.
Also I cannot connect to my primary-DC through RDP but I can PING it and it does have access to the internet. When I open RDP I can connect for credentials, but then it will not establish a connection using either the server name or its IP address.
Also I cannot connect to my primary-DC through RDP but I can PING it and it does have access to the internet. When I open RDP I can connect for credentials, but then it will not establish a connection using either the server name or its IP address.
What's your internal subnet? Is it 192.168.1.0/24?
ASKER
10.0.0.0/24
Are you using Windows RRAS? Here is a quote from a technet article I found that seems similar to the issue you're describing:
1.Open Server Manager
2.Network Policy and Access Services
3.Routing and Remote Access
4.IPv4
5.NAT
6.Right mouse, New Interface
7.Choose a NIC (in my case the options were 'Local Area Connection 3' and 'Internal', so I went with the first one)
8. Uncheck the box "Enable security on the selected interface by setting uip Basic Firewall," otherwise if a VPN user connects, no one in the network will be able to access the VPN server for files, resources, etc, and especially detrimental if it is a DC, which is part of the reason we recommend RRAS not be on a DC and be on a separate server.
9.On the NAT tab, selected "Public Interface connected to the internet"
10.Ticked "Enable NAT on this interface"
11.Click OK
12.All done - now test your VPN connection from the client
Article Source
1.Open Server Manager
2.Network Policy and Access Services
3.Routing and Remote Access
4.IPv4
5.NAT
6.Right mouse, New Interface
7.Choose a NIC (in my case the options were 'Local Area Connection 3' and 'Internal', so I went with the first one)
8. Uncheck the box "Enable security on the selected interface by setting uip Basic Firewall," otherwise if a VPN user connects, no one in the network will be able to access the VPN server for files, resources, etc, and especially detrimental if it is a DC, which is part of the reason we recommend RRAS not be on a DC and be on a separate server.
9.On the NAT tab, selected "Public Interface connected to the internet"
10.Ticked "Enable NAT on this interface"
11.Click OK
12.All done - now test your VPN connection from the client
Article Source
ASKER
I am not using RRAS. USers VPN in using the Cisco VPN Client and the ASA passes them into the network.
If your clients are not getting an IP inside your LAN they will never get to see your servers, they must get an IP from your LAN and a DNS from your LAN to be able to resolve your LAN Names.
Your VPN Concentrator should assign an IP and DNS server on your LAN to each authorized connection.
I have the following which applies for a Cisco VPN 3000 but may give an idea: http://www.cisco.com/c/en/
Your VPN Concentrator should assign an IP and DNS server on your LAN to each authorized connection.
I have the following which applies for a Cisco VPN 3000 but may give an idea: http://www.cisco.com/c/en/
ASKER
So, in the ASA I need to setup DHCP for outside?
Like I said before, I don't know which system you are using but the link I send you, should help you find the steps for yours.
ASKER
I have an ASA 5505, ASA version 8.2(2) I should have put that in earlier. It is connected to a router managed by our SIP and the ASA only handles VPN traffic.
Here take a look at this:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/vpnadd.html
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/vpnadd.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for all the assistance, I learned a great deal.