DNS and DC issues

This is my issue:  I have a 2 domain controllers, NSCA-DC and NSCA-Files.  NSCA-DC is a VM in hypervisor and is my primary DC.  Additionally they are both my DNS servers.  DNS is resolving for my internal network with no problems.  When people VPN in from outside our network my internal server’s names are not resolved.   My router is managed by our ISP, but connected to it is a Cisco ASA that is used as a VPN concentrator.  I can control its settings.
Also I cannot connect to my primary-DC through RDP but I can PING it and it does have access to the internet.  When I open RDP I can connect for credentials, but then it will not establish a connection using either the server name or its IP address.
David NewcombSystem AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason RybergTechnical Consultant IVCommented:
What's your internal subnet? Is it 192.168.1.0/24?
0
David NewcombSystem AdministratorAuthor Commented:
10.0.0.0/24
0
Jason RybergTechnical Consultant IVCommented:
Are you using Windows RRAS?  Here is a quote from a technet article I found that seems similar to the issue you're describing:

1.Open Server Manager
2.Network Policy and Access Services
3.Routing and Remote Access
4.IPv4
5.NAT
6.Right mouse, New Interface
7.Choose a NIC (in my case the options were 'Local Area Connection 3' and 'Internal', so I went with the first one)
8. Uncheck the box "Enable security on the selected interface by setting uip Basic Firewall," otherwise if a VPN user connects, no one in the network will be able to access the VPN server for files, resources, etc, and especially detrimental if it is a DC, which is part of the reason we recommend RRAS not be on a DC and be on a separate server.
9.On the NAT tab, selected "Public Interface connected to the internet"
10.Ticked "Enable NAT on this interface"
11.Click OK
12.All done - now test your VPN connection from the client

Article Source
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

David NewcombSystem AdministratorAuthor Commented:
I am not using RRAS.  USers VPN in using the Cisco VPN Client and the ASA passes them into the network.
0
hecgomrecCommented:
If your clients are not getting an IP inside your LAN they will never get to see your servers, they must get an IP from your LAN and a DNS from your LAN to be able to resolve your LAN Names.

Your VPN Concentrator should assign an IP and DNS server on your LAN to each authorized connection.

I have the following which applies for a Cisco VPN 3000 but may give an idea: http://www.cisco.com/c/en/us/support/docs/security/vpn-3000-series-concentrators/26405-dns-split-dynam.html
0
David NewcombSystem AdministratorAuthor Commented:
So, in the ASA I need to setup DHCP for outside?
0
hecgomrecCommented:
Like I said before, I don't know which system you are using but the link I send you, should help you find the steps for yours.
0
David NewcombSystem AdministratorAuthor Commented:
I have an ASA 5505, ASA version 8.2(2)  I should have put that in earlier.  It is connected to a router managed by our SIP and the ASA only handles VPN traffic.
0
David NewcombSystem AdministratorAuthor Commented:
I was able to resolve the issue by updating the DNS settings in Cisco ADSM group policies under VPN Remote Users config.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David NewcombSystem AdministratorAuthor Commented:
Thanks for all the assistance, I learned a great deal.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.