DNS across a VPN tunnel

Posted on 2014-03-25
Last Modified: 2014-03-26
Dear Experts,
      My company has a production environment (domain name = and an office environment (domain name =   In the production environment, we have a set of Cisco ASA 5515 firewalls (managed by our datacenter) and at the office we have a set of Sonic Wall’s (managed by me).  I worked with the data center engineers to setup a site to site IKE tunnel between the sonic walls and I can now remote desktop and communicate with servers in the corp domain from the office domain and vice versa with no problems.  
      The problem is I can only access my servers on both sides by IP Address.  I realize there needs to be some form of DNS setup between the domains that I don’t fully understand.  I was able to setup a secondary zone on one of my office DNS servers that pulled down a copy of Corp.  I can now use a remote desktop session across the tunnel by using –   This works from the office to corp but not vice versa.  Do I need to do the same thing on the Corp side or is there just a better way to set all this up.
      Currently, all my servers are Microsoft Server 2012.

Would appreciate any and all help.
Question by:hexvader
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 16

Accepted Solution

Dirk Mare earned 500 total points
ID: 39954077
Yes it will work if you create a secondary zone on the domain side. You can also setup DNS forwarders on the domain side to FW request to another DNS server.


Author Closing Comment

ID: 39957048
Since you were the only reply Ill give you the points.  I was aware this could be done and once I set it up it did work perfectly. I was just hoping for a better way.

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (, affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor ( Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month6 days, 1 hour left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question