Solved

DNS and DC issues

Posted on 2014-03-05
11
168 Views
Last Modified: 2014-03-16
This is my issue:  I have a 2 domain controllers, NSCA-DC and NSCA-Files.  NSCA-DC is a VM in hypervisor and is my primary DC.  Additionally they are both my DNS servers.  DNS is resolving for my internal network with no problems.  When people VPN in from outside our network my internal server’s names are not resolved.   My router is managed by our ISP, but connected to it is a Cisco ASA that is used as a VPN concentrator.  I can control its settings.
Also I cannot connect to my primary-DC through RDP but I can PING it and it does have access to the internet.  When I open RDP I can connect for credentials, but then it will not establish a connection using either the server name or its IP address.
0
Comment
Question by:David Newcomb
  • 6
  • 3
  • 2
11 Comments
 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39906818
What's your internal subnet? Is it 192.168.1.0/24?
0
 

Author Comment

by:David Newcomb
ID: 39906822
10.0.0.0/24
0
 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39906846
Are you using Windows RRAS?  Here is a quote from a technet article I found that seems similar to the issue you're describing:

1.Open Server Manager
2.Network Policy and Access Services
3.Routing and Remote Access
4.IPv4
5.NAT
6.Right mouse, New Interface
7.Choose a NIC (in my case the options were 'Local Area Connection 3' and 'Internal', so I went with the first one)
8. Uncheck the box "Enable security on the selected interface by setting uip Basic Firewall," otherwise if a VPN user connects, no one in the network will be able to access the VPN server for files, resources, etc, and especially detrimental if it is a DC, which is part of the reason we recommend RRAS not be on a DC and be on a separate server.
9.On the NAT tab, selected "Public Interface connected to the internet"
10.Ticked "Enable NAT on this interface"
11.Click OK
12.All done - now test your VPN connection from the client

Article Source
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:David Newcomb
ID: 39906925
I am not using RRAS.  USers VPN in using the Cisco VPN Client and the ASA passes them into the network.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39910120
If your clients are not getting an IP inside your LAN they will never get to see your servers, they must get an IP from your LAN and a DNS from your LAN to be able to resolve your LAN Names.

Your VPN Concentrator should assign an IP and DNS server on your LAN to each authorized connection.

I have the following which applies for a Cisco VPN 3000 but may give an idea: http://www.cisco.com/c/en/us/support/docs/security/vpn-3000-series-concentrators/26405-dns-split-dynam.html
0
 

Author Comment

by:David Newcomb
ID: 39917453
So, in the ASA I need to setup DHCP for outside?
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39917733
Like I said before, I don't know which system you are using but the link I send you, should help you find the steps for yours.
0
 

Author Comment

by:David Newcomb
ID: 39917741
I have an ASA 5505, ASA version 8.2(2)  I should have put that in earlier.  It is connected to a router managed by our SIP and the ASA only handles VPN traffic.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39917919
0
 

Accepted Solution

by:
David Newcomb earned 0 total points
ID: 39921641
I was able to resolve the issue by updating the DNS settings in Cisco ADSM group policies under VPN Remote Users config.
0
 

Author Closing Comment

by:David Newcomb
ID: 39932354
Thanks for all the assistance, I learned a great deal.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Whitelisting applications 2 27
dnscache is required for Active directory replication? 3 52
question about running backups 3 66
How does ADMT SID History work? 1 24
Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question