I have a LAN-to-LAN IPsec tunnel established from a remote office (192.168.0.0/24) to HQ (172.30.0.0/16) using a PIX-501 and a Concentrator 3000.
From a PC in the remote office I can ping the domain controller in HQ by IP address but not by computer name.
If I edit lmhosts on the PC and add
172.30.x.x <DC computer name> #PRE #DOM:<domain name>
This resolves the one name but not others on my domain.
I need to add the PCs at the remote office to our HQ domain, but for this to happen I believe I need DNS resolution to work.
The PCs' DNS server addresses match the HQ DNS servers' IP addresses.
I default the PIX-501 by config-factory and add the following to the config:
no dhcpd address 192.168.1.2-192.168.1.33 inside
ip address outside x.x.x.x y.y.y.y
ip address inside 192.168.0.250 255.255.255.0
route outside 0.0.0.0 0.0.0.0 z.z.z.z 1
access-list 101 permit ip 192.168.0.0 255.255.255.0 172.0.0.0 255.0.0.0
nat (inside) 0 access-list 101
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set aptset esp-3des esp-md5-hmac
crypto map aptmap 10 ipsec-isakmp
crypto map aptmap 10 match address 101
crypto map aptmap 10 set peer <concentrator>
crypto map aptmap 10 set transform-set aptset
crypto map aptmap interface outside
isakmp enable outside
isakmp key ********** address <concentrator> netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400