DNS, Wins through PIX 515 and Vpn Client

[Doctair]

I have configured our PIX firewall to accept vpn connections using the CISCO Vpn client 3.1. I connect to firewall ok and I can ping all of our servers and workstations, but I cannot browse the network or resolve any computer names. How can I get the clients to browse and resolve names. I have tried on both Win2k and 98 clients, with no success. Any help would be great, thanks.

 

[Guest_imported]

What kind of access are you using to connect to the web ?
what OS ? I have an answer to a similar problem

 

[Doctair]

So far I have only tried the VPN client on 2 machines on running windows 98 and the other running windows 2000. both of these machines have cable access to the internet. Does this help?

 

[sobak]

Are you running DHCP for your dial-in clients? If you are are you handing out a DNS server with your IP Address. I just ran into the same issue configuring a dial-in VPN connection. My problem was my NAT addressing, I had to place IP NAT INSIDE on my Virtual Template....

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*

 

[Guest_imported]

Do you have Client for microsoft networking and file print and sharing enabled on the interface you are connecting to the internet ?

 

[Doctair]

The connections are cable modems, therefore the clients are DHCP enabled and receive dns from the isp. The clients do not use any dial ins, they simple connect to the firewall through what ever means the client computer uses to access the internet, modem ,cable , dsl, etc.. The adapter is given a virtual ip from the firewall, but thats it. I 'm not sure how or if you can pass the internal networks dns or wins through, once this connection is established.

 

[sobak]

We run an internal DNS on our network, my connection from home is a cable modem as well but when I connected to the VPN using Windows XP I lost the ability to resolve host names both on my VPN network and on the Internet. What I did was specify my internal DNS for the VPN link by using

async-bootp dns-server 172.16.4.45 <--IP Address of my DNS Server.

Now when the VPN client receives the internal IP Address from the network is also has the internal DNS Server associated with the Internal Network. I can resolve both internal names and external names via this configuration.

Now this is on a Cisco 7120 (VPN Enterprise Router) not a PIX I don't know how the PIX works for establishing a VPN tunnel, I'm just trying to give you some ideas on what to check and maybe find a solution that works for you...

Trust me, I am far from a VPN expert, if you look down a few threads you will see a post from me in this forum

cheers..



david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*

 

[Doctair]

Thanks for the input sobak, I looked in the pix command reference and there is no such command, there is one for adding the dns and wins server ips for a vpngroup, I tried that but it still doesn't work, but I'll keep lookin. Thanks

 

[Guest_imported]

I have been doing something very similar with client 3.5 and a pix. I have noticed that we get WINS information but no DNS information (even with vnpgroup xxx dns-server...). Have you had any luck with this?

 

[Guest_imported]

I figured it out. Either remove the vpngroup default domain information or correct it to the dns suffix.