CISCO PPTP VPN DNS PROBLEMS

kgrinberg

MIS
Feb 4, 2004
58
US
I have a Cisco 506e Firewall which accepts PPTP VPN Connections. Recently I came across this problem:
Laptops that are on my domain, if I take them on the road, they are having DNS problems when using VPN. By running IPCONFIG, DNS servers are listed, but names are not resolved. I also noticed that this happens only in computers that are on the domain. Workgroup computers are unaffected. Also, it's not consistent. Sometimes it works and sometimes it does not. I think that the laptops are trying to resolve names through ISP instead of the VPN. Can someone help?
 
I'm having the same problem too. Remote clients using Windows 2000 PPTP VPN client can't ping devices on the remote network via their host name. Pinging these same devices via IP address works fine.

I know I can edit my local hosts file with the name and IP addresses of remote hosts, but I'd like to stay clear of that and find out why Windows 2000 isn't using the DNS server given to it via the PPTP vpn connection.

Here is my ipconfig /all from my remote client:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : dhbroadband
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-E0-18-36-2A-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.16.50.22
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.50.1
DHCP Server . . . . . . . . . . . : 172.16.50.1
DNS Servers . . . . . . . . . . . : 172.16.50.1
Lease Obtained. . . . . . . . . . : Friday, March 25, 2005 4:27:17 AM
Lease Expires . . . . . . . . . . : Saturday, March 26, 2005 4:27:17 AM

PPP adapter Work PPTP VPN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.2.226
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 172.16.2.226
DNS Servers . . . . . . . . . . . : 172.16.2.1


The DNS server listed in the PPP adapter is my work firewall's internal IP address. If I use the router interface at work and try to ping devices directly from the router via their host name, it resolves them fine and I receive replies.

I even tried to change the DNS server that the Windows 2000 VPN client uses. I manually changed the DNS server within the client to point to my Windows 2000 DNS server on the above 172.16.2.0 network. This didn't work either. I was still able to ping IP addresses, but not host names.

Chris
 
Once a user is connected via VPN, have them type in the nslookup command from DOS and see if your DNS server appears. Then attempt to ping the server with its fully qualified domain name: servername.yourdomainname.com. Then check out TechNet



Thanks

Bobby
 
Just a note.. via PPTP on our Cisco PIX 506e running 6.3(4), we cannot resolve names via just their "hostname".

However, if we use the full DNS name, such as "hostname.domain.com", the name is resolved and can be used for connectivity.

Computer/Network Technician
CCNA
 
I actually fixed this by doing the following:

On my "Connect" screen of my PPTP VPN client, I clicked on the "Properties" button.

Then select the "Networking" tab.

Select "Internet Protocol (TCP/IP)" and click the "Properties" button.

Click the "Advanced" button on the "TCP/IP Properties" page.

Click the "DNS" tab and then find the box near the bottom of the screen that says "DNS suffix for this connection:"

Type in your FQDN in this box.

What this does is automatically add your domain name to all hosts you try to communicate with, so there is no need for you to type the FQDN when pinging your host.

So, if you try to ping "HostA" which is sitting on the domain "mydomain.com", that PPTP connection will already assume the host is on "mydomain.com" and you'll get a reply. Hope this helps.

Chris
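
Added example, not part of the thread or any poster's code: a Python check that parses `ipconfig /all` text and reports adapters that list DNS servers but have neither a primary nor a connection-specific DNS suffix, which is the condition visible in the output posted above. The sample text is constructed from that output, the function names are hypothetical, and `candidates` is a simplified model of suffix appending, not the full Windows resolver logic.

```python
import re

# Constructed sample, trimmed to the fields that matter from the output posted above.
SAMPLE = """\
Host Name . . . . . . . . . . . . : dhbroadband
Primary DNS Suffix . . . . . . . :

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
DNS Servers . . . . . . . . . . . : 172.16.50.1

PPP adapter Work PPTP VPN:

Connection-specific DNS Suffix . :
DNS Servers . . . . . . . . . . . : 172.16.2.1
"""

HEADER = re.compile(r"^\s*(\S.*adapter .+):\s*$")   # e.g. "PPP adapter Work PPTP VPN:"
FIELD = re.compile(r"^\s*([^.:]+?)[ .]*:\s*(.*)$")  # "Key . . . : value"

def parse_ipconfig(text):
    """Return (global_fields, {adapter: fields}) parsed from `ipconfig /all` text."""
    glob, adapters, current = {}, {}, None
    for line in text.splitlines():
        h, f = HEADER.match(line), FIELD.match(line)
        if h:
            current = adapters.setdefault(h.group(1), {})
        elif f:
            target = glob if current is None else current
            target[f.group(1).strip()] = f.group(2).strip()
    return glob, adapters

def adapters_without_suffix(text):
    """Adapters that list DNS servers but have no suffix to qualify short names."""
    glob, adapters = parse_ipconfig(text)
    primary = glob.get("Primary DNS Suffix", "")
    return [name for name, f in adapters.items()
            if f.get("DNS Servers")
            and not (primary or f.get("Connection-specific DNS Suffix", ""))]

def candidates(short_name, primary, conn_suffix):
    """Simplified model (assumption): names built by appending each known suffix."""
    suffixes = dict.fromkeys(s for s in (primary, conn_suffix) if s)
    return [f"{short_name}.{s}" for s in suffixes]

if __name__ == "__main__":
    print(adapters_without_suffix(SAMPLE))
    print(candidates("HostA", "", "mydomain.com"))
```

Run it against saved `ipconfig /all` output taken while the VPN is connected; an empty candidate list for a short name means only the fully qualified name can be resolved through DNS.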
 
Very cool, this is what I was going for if you could ping by the FQDN. The DNS suffix is a problem I see a lot on corporate VPNs.



Take Care


Bobby
 