
Can ping server IP over VPN but not NetBIOS name

Last Modified: 2020-02-04
I have 3 Cisco routers with gateway-to-gateway VPNs set up. Location 2 can ping the local domain (mydomain.local, which resides at Main Location 1) and everything works just fine. Users can connect to the domain perfectly.

Location 3 cannot ping mydomain.local or the NetBIOS name of the server at Main Location 1. I can ping the IP address of the server at Main Location 1.

MainLocation 1 (Where the server resides)
Location 2 (satellite office)
Location 3 (satellite office).

On the workstation at Location 3 I manually assigned DNS 1 to the server's IP.

Other details: All of the routers are the same. Any help I can get would be much appreciated!

Pete Long, Technical Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:

NetBIOS is a layer 2 protocol; it won't work over a VPN?


Problem machine at Location 3: if you "nslookup mydomain.local", does it report it's using the same DNS server as a working client at Location 2?





Author

Commented:
Yes

Author

Commented:
This is what I get when I do the nslookup.

*** cdns5.cox.net can't find mydomain.local: Non-existent domain
Bill Bach, President and Btrieve Guru
CERTIFIED EXPERT

Commented:
Your problem is with name resolution, but specific to IP communications.  In an ideal world, you would issue a DNS lookup to locate the computer you wish to communicate with, and the DNS server will reply with the IP address.  When you are running remotely, your DNS Client is sending the packets to your registered DNS server -- in this case the public DNS server for Cox Cable.  Their servers definitely don't know about your internal addressing and names.

Solving this problem is possible, but you have to make some hard choices.  First off, you can disable split tunnel VPN, forcing ALL traffic to go through the VPN tunnel.  This will likely force your system to query from the office DNS server as you wish.  However, ALL network traffic will be forced through that connection, so you'll have slower access to all things in the Internet when attached to the VPN.  A second option is to set up a HOSTS file on the workstations that are accessing local devices -- one that has the correct addresses already indicated.  This will allow the HOSTS file lookup to take precedence over the DNS lookup, and it will also be faster to resolve those names.  The downside, though, is that if the IP addresses of the machines in the VPN ever change, you have to modify the HOSTS files on each machine that has one.  Another option could be to hard-code your own DNS servers on the remote stations to force all requests to be redirected through the VPN.  However, when disconnected from the VPN, you may see some lag on name resolution.  Finally, if you had a server-class OS on the remote network, you could set up a caching DNS server locally -- one that knows how to pass upstream requests to the office network DNS environment, but then which can use the Cox DNS server as a secondary.

None of these are ideal, but all will allow it to work as expected.
Dave Baldwin, Fixer of Problems
CERTIFIED EXPERT
Most Valuable Expert 2014

Commented:
It could be the internet service that is blocking the Netbios request.  Services like Comcast block most ports.  If you can run Shields Up! at the problem location, you can see what ports are open and blocked.  https://www.grc.com/x/ne.dll?bh0bkyd2
Paul MacDonald, Director, Information Systems
CERTIFIED EXPERT

Commented:
Doing an NSLOOKUP of your internal network using a Cox name server will never work. You need to run your NSLOOKUP against one of your internal DNS servers.

For sure this is a DNS issue.  For the machines at the failing site, are they properly configured with a working, internal DNS server?  Is the internal DNS server they're using for name resolution up-to-date?
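
The check discussed in the comments above (which DNS server the workstation really uses, and whether the internal server answers when asked directly), as an added example that is not part of the original thread. It assumes a Windows workstation with the built-in DnsClient and NetAdapter modules; `192.0.2.10` is a placeholder for the Location 1 server's address, and `Test-NameAgainstServer` is a helper name made up for this example.

```powershell
# Added example: compare what each DNS server answers for the internal name.
$InternalName = 'mydomain.local'   # domain name from the question
$InternalDns  = '192.0.2.10'       # placeholder: replace with the Location 1 server IP

function Test-NameAgainstServer {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly skips LLMNR/NetBIOS/HOSTS so only the DNS answer is reported
        $answer = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
        $ips = ($answer | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
        [pscustomobject]@{ Server = $Server; Resolved = $true; Result = $ips }
    } catch {
        # e.g. "DNS name does not exist" when a public resolver is asked for a .local name
        [pscustomobject]@{ Server = $Server; Resolved = $false; Result = $_.Exception.Message }
    }
}

# 1. DNS servers actually configured on each connected adapter
$up = Get-NetAdapter | Where-Object Status -eq 'Up'
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -in $up.Name -and $_.ServerAddresses }
$configured | Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. Ask every configured server, plus the internal server explicitly
$servers = (@($configured.ServerAddresses) + $InternalDns) | Select-Object -Unique
$results = foreach ($s in $servers) {
    Test-NameAgainstServer -Name $InternalName -Server $s
}
$results | Format-Table -AutoSize

# 3. Flag the case seen in this thread: the internal server is not in use at all
if ($InternalDns -notin $configured.ServerAddresses) {
    Write-Warning "$InternalDns is not configured on any connected adapter."
}
```

If the internal server resolves the name when queried directly but the configured servers do not, the client's DNS settings are the problem; if the direct query also fails, DNS traffic is not reaching the server across the tunnel.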
Jeff Glover, Sr. Systems Administrator
CERTIFIED EXPERT

Commented:
Personally, I would look at the VPN router config for Site 2 and Site 3 and see what, other than the IP addresses, is different. Normally, you would set it up so your internal traffic (destined for your internal domain) would go over the VPN and other traffic out the main Internet interface. Your VPN seems to be routing traffic correctly but not DNS traffic, since you are seeing a Cox DNS server.

Author

Commented:

Ty for all your replies. I'll try the suggestions and report back in the morning. I have to get this working tomorrow.

Tom Cieslik, IT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
Just assign DNS servers on your network adapters in satellite office manually.
As a first DNS set your local office DNS server/router as second, put IP of your DNS from location where server is.

This is maybe not a perfect solution but at least will resolve your problem.
Qlemo, "Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
You wrote that you have set up DNS in location 3 to point to the location 1 server. This cannot be correct, as DNS is definitely asking Cox. If DNS were set to your server, at least fully qualified names like server.mydomain.local should get resolved.
Commented:

Turns out everything was set correctly. The router was just crap. I got the same exact router and restored the config and it worked right away.