Solved

DNS and DC issues

Posted on 2014-03-05
Last Modified: 2014-03-16
This is my issue: I have 2 domain controllers, NSCA-DC and NSCA-Files. NSCA-DC is a VM in hypervisor and is my primary DC. Additionally, they are both my DNS servers. DNS is resolving for my internal network with no problems. When people VPN in from outside our network, my internal servers' names are not resolved. My router is managed by our ISP, but connected to it is a Cisco ASA that is used as a VPN concentrator. I can control its settings.
Also, I cannot connect to my primary DC through RDP, but I can ping it and it does have access to the internet. When I open RDP I can connect for credentials, but then it will not establish a connection using either the server name or its IP address.
Question by:David Newcomb
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39906818
What's your internal subnet? Is it 192.168.1.0/24?
0
 

Author Comment

by:David Newcomb
ID: 39906822
10.0.0.0/24
0
 
LVL 4

Expert Comment

by:Jason Ryberg
ID: 39906846
Are you using Windows RRAS? Here is a quote from a TechNet article I found that seems similar to the issue you're describing:

1. Open Server Manager
2. Network Policy and Access Services
3. Routing and Remote Access
4. IPv4
5. NAT
6. Right mouse, New Interface
7. Choose a NIC (in my case the options were 'Local Area Connection 3' and 'Internal', so I went with the first one)
8. Uncheck the box "Enable security on the selected interface by setting up Basic Firewall," otherwise if a VPN user connects, no one in the network will be able to access the VPN server for files, resources, etc, and especially detrimental if it is a DC, which is part of the reason we recommend RRAS not be on a DC and be on a separate server.
9. On the NAT tab, selected "Public Interface connected to the internet"
10. Ticked "Enable NAT on this interface"
11. Click OK
12. All done - now test your VPN connection from the client

Article Source
0
 

Author Comment

by:David Newcomb
ID: 39906925
I am not using RRAS. Users VPN in using the Cisco VPN Client and the ASA passes them into the network.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39910120
If your clients are not getting an IP inside your LAN, they will never get to see your servers; they must get an IP from your LAN and a DNS from your LAN to be able to resolve your LAN names.

Your VPN Concentrator should assign an IP and DNS server on your LAN to each authorized connection.

I have the following which applies for a Cisco VPN 3000 but may give an idea: http://www.cisco.com/c/en/us/support/docs/security/vpn-3000-series-concentrators/26405-dns-split-dynam.html
0
 

Author Comment

by:David Newcomb
ID: 39917453
So, in the ASA I need to set up DHCP for outside?
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39917733
Like I said before, I don't know which system you are using, but the link I sent you should help you find the steps for yours.
0
 

Author Comment

by:David Newcomb
ID: 39917741
I have an ASA 5505, ASA version 8.2(2). I should have put that in earlier. It is connected to a router managed by our ISP and the ASA only handles VPN traffic.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39917919
0
 

Accepted Solution

by:
David Newcomb earned 0 total points
ID: 39921641
I was able to resolve the issue by updating the DNS settings in Cisco ASDM group policies under VPN Remote Users config.
0
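
The fix described in the accepted solution (DNS settings in the VPN group policy) can be checked offline against a saved ASA configuration. The following is an added example, not part of the original thread: a Python check that classifies each group policy by whether its `dns-server` entries fall inside the 10.0.0.0/24 LAN mentioned earlier. The policy names, server addresses and sample configuration are constructed placeholders.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("10.0.0.0/24")  # internal subnet stated in the thread

# Constructed sample in ASA running-config style; policy names and
# server addresses are placeholders, not values from the thread.
SAMPLE_CONFIG = """\
group-policy VPN-Remote-Users internal
group-policy VPN-Remote-Users attributes
 dns-server value 203.0.113.53 203.0.113.54
 vpn-tunnel-protocol IPSec
group-policy VPN-Fixed internal
group-policy VPN-Fixed attributes
 dns-server value 10.0.0.10 10.0.0.11
 default-domain value corp.example
group-policy VPN-Partial attributes
 dns-server value 10.0.0.10 198.51.100.8
group-policy VPN-Inherit attributes
 vpn-idle-timeout 30
"""

def audit_group_policy_dns(config, lan=LAN):
    """Map each group-policy to 'ok', 'mixed', 'external', 'none' or 'inherited'."""
    results, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes\s*$", line)
        if header:
            current = header.group(1)
            results[current] = "inherited"  # no dns-server line seen yet
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the attributes block
        elif current:
            words = line.split()
            if words[:2] == ["dns-server", "none"]:
                results[current] = "none"  # VPN clients are pushed no DNS server
            elif words[:2] == ["dns-server", "value"]:
                inside = [ipaddress.ip_address(w) in lan for w in words[2:]]
                if inside and all(inside):
                    results[current] = "ok"
                elif any(inside):
                    results[current] = "mixed"  # one resolver cannot see LAN names
                else:
                    results[current] = "external"

    return results

if __name__ == "__main__":
    for policy, status in audit_group_policy_dns(SAMPLE_CONFIG).items():
        print(f"{policy:20} {status}")
```

A policy reported as `inherited` takes its DNS servers from the default group policy, so that policy needs the same check.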
 

Author Closing Comment

by:David Newcomb
ID: 39932354
Thanks for all the assistance, I learned a great deal.
0

Question has a verified solution.
