Solved

DNS and DC issues

Posted on 2014-03-05
11
164 Views
Last Modified: 2014-03-16
This is my issue:  I have a 2 domain controllers, NSCA-DC and NSCA-Files.  NSCA-DC is a VM in hypervisor and is my primary DC.  Additionally they are both my DNS servers.  DNS is resolving for my internal network with no problems.  When people VPN in from outside our network my internal server’s names are not resolved.   My router is managed by our ISP, but connected to it is a Cisco ASA that is used as a VPN concentrator.  I can control its settings.
Also I cannot connect to my primary-DC through RDP but I can PING it and it does have access to the internet.  When I open RDP I can connect for credentials, but then it will not establish a connection using either the server name or its IP address.
0
Comment
Question by:David Newcomb
  • 6
  • 3
  • 2
11 Comments
 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39906818
What's your internal subnet? Is it 192.168.1.0/24?
0
 

Author Comment

by:David Newcomb
ID: 39906822
10.0.0.0/24
0
 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39906846
Are you using Windows RRAS?  Here is a quote from a technet article I found that seems similar to the issue you're describing:

1.Open Server Manager
2.Network Policy and Access Services
3.Routing and Remote Access
4.IPv4
5.NAT
6.Right mouse, New Interface
7.Choose a NIC (in my case the options were 'Local Area Connection 3' and 'Internal', so I went with the first one)
8. Uncheck the box "Enable security on the selected interface by setting uip Basic Firewall," otherwise if a VPN user connects, no one in the network will be able to access the VPN server for files, resources, etc, and especially detrimental if it is a DC, which is part of the reason we recommend RRAS not be on a DC and be on a separate server.
9.On the NAT tab, selected "Public Interface connected to the internet"
10.Ticked "Enable NAT on this interface"
11.Click OK
12.All done - now test your VPN connection from the client

Article Source
0
 

Author Comment

by:David Newcomb
ID: 39906925
I am not using RRAS.  USers VPN in using the Cisco VPN Client and the ASA passes them into the network.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39910120
If your clients are not getting an IP inside your LAN they will never get to see your servers, they must get an IP from your LAN and a DNS from your LAN to be able to resolve your LAN Names.

Your VPN Concentrator should assign an IP and DNS server on your LAN to each authorized connection.

I have the following which applies for a Cisco VPN 3000 but may give an idea: http://www.cisco.com/c/en/us/support/docs/security/vpn-3000-series-concentrators/26405-dns-split-dynam.html
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:David Newcomb
ID: 39917453
So, in the ASA I need to setup DHCP for outside?
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39917733
Like I said before, I don't know which system you are using but the link I send you, should help you find the steps for yours.
0
 

Author Comment

by:David Newcomb
ID: 39917741
I have an ASA 5505, ASA version 8.2(2)  I should have put that in earlier.  It is connected to a router managed by our SIP and the ASA only handles VPN traffic.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39917919
0
 

Accepted Solution

by:
David Newcomb earned 0 total points
ID: 39921641
I was able to resolve the issue by updating the DNS settings in Cisco ADSM group policies under VPN Remote Users config.
0
 

Author Closing Comment

by:David Newcomb
ID: 39932354
Thanks for all the assistance, I learned a great deal.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now