• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 180
  • Last Modified:

DNS and DC issues

This is my issue:  I have a 2 domain controllers, NSCA-DC and NSCA-Files.  NSCA-DC is a VM in hypervisor and is my primary DC.  Additionally they are both my DNS servers.  DNS is resolving for my internal network with no problems.  When people VPN in from outside our network my internal server’s names are not resolved.   My router is managed by our ISP, but connected to it is a Cisco ASA that is used as a VPN concentrator.  I can control its settings.
Also I cannot connect to my primary-DC through RDP but I can PING it and it does have access to the internet.  When I open RDP I can connect for credentials, but then it will not establish a connection using either the server name or its IP address.
0
David Newcomb
Asked:
David Newcomb
  • 6
  • 3
  • 2
1 Solution
 
Jason RybergTechnical Consultant IVCommented:
What's your internal subnet? Is it 192.168.1.0/24?
0
 
David NewcombSystem AdministratorAuthor Commented:
10.0.0.0/24
0
 
Jason RybergTechnical Consultant IVCommented:
Are you using Windows RRAS?  Here is a quote from a technet article I found that seems similar to the issue you're describing:

1.Open Server Manager
2.Network Policy and Access Services
3.Routing and Remote Access
4.IPv4
5.NAT
6.Right mouse, New Interface
7.Choose a NIC (in my case the options were 'Local Area Connection 3' and 'Internal', so I went with the first one)
8. Uncheck the box "Enable security on the selected interface by setting uip Basic Firewall," otherwise if a VPN user connects, no one in the network will be able to access the VPN server for files, resources, etc, and especially detrimental if it is a DC, which is part of the reason we recommend RRAS not be on a DC and be on a separate server.
9.On the NAT tab, selected "Public Interface connected to the internet"
10.Ticked "Enable NAT on this interface"
11.Click OK
12.All done - now test your VPN connection from the client

Article Source
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
David NewcombSystem AdministratorAuthor Commented:
I am not using RRAS.  USers VPN in using the Cisco VPN Client and the ASA passes them into the network.
0
 
hecgomrecCommented:
If your clients are not getting an IP inside your LAN they will never get to see your servers, they must get an IP from your LAN and a DNS from your LAN to be able to resolve your LAN Names.

Your VPN Concentrator should assign an IP and DNS server on your LAN to each authorized connection.

I have the following which applies for a Cisco VPN 3000 but may give an idea: http://www.cisco.com/c/en/us/support/docs/security/vpn-3000-series-concentrators/26405-dns-split-dynam.html
0
 
David NewcombSystem AdministratorAuthor Commented:
So, in the ASA I need to setup DHCP for outside?
0
 
hecgomrecCommented:
Like I said before, I don't know which system you are using but the link I send you, should help you find the steps for yours.
0
 
David NewcombSystem AdministratorAuthor Commented:
I have an ASA 5505, ASA version 8.2(2)  I should have put that in earlier.  It is connected to a router managed by our SIP and the ASA only handles VPN traffic.
0
 
David NewcombSystem AdministratorAuthor Commented:
I was able to resolve the issue by updating the DNS settings in Cisco ADSM group policies under VPN Remote Users config.
0
 
David NewcombSystem AdministratorAuthor Commented:
Thanks for all the assistance, I learned a great deal.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

  • 6
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now