VPN DNS not quite working....

[wlandymore]

I setup a VPN and relay agent on our ISA 2004 firewall and everything is working well, accept for hostname or FQDN resolution.

When I do an nslookup for hostname I get the right IP/hostname from the DNS server on the internal network, which is great.
I can also ping the IP successfully.

However, if I try to ping the hostname or FQDN, or use the \\servername to access the shares it won't work.

The VPN client is getting IP config like:

192.168.1.145 (DHCP address)
255.255.255.255
192.168.1.145

192.168.1.12 (network DNS server)
192.168.1.10 (network DNS server)

This is good for the VPN network. Also, the network that the external computer is on is 192.168.2.x so there shouldn't be a conflict between the VPN server network and the client network.

Like I said, it can get the IP with an nslookup of the server name, but it just can't ping it or access it by the name.
I can access anything on the network via IP, but I would like to have the hostnames too...

What am I missing if it can resolve it with nslookup but it won't do the ping or \\hostname??

 

[minxca]

Hi,
~~~~~~~~~~~~~~~~~~~~~
Also, the network that the external computer is on is 192.168.2.x so there shouldn't be a conflict between the VPN server network and the client network.
~~~~~~~~~~~~~~~~~~~~~
I know it's different subnet but try to change your home network to 10.x.x.x. If you don't want to change, connect your laptop/pc directly to your modem.

 

[wlandymore]

okay, I'll give that a shot.

I'll have to plug directly into the modem because the home computer I'm testing on is using a 'cheap-o' router that won't allow me to configure the interfaces.

That, or I can take a router home from work and try it with that in place instead.

Either way, I'll give it a shot and let you know how it goes.

 

[wlandymore]

right you are!!

I changed the home network to another private ranger (172.16.0.x) and everything was perfect with the name resolution, etc.

thanks a lot!

 

[Canabian]

Thanks for the info, I am having the same problem where I can ping the hostname of the VPN server but can only ping IP addresses for any other server in the network.

I was wondering however if there is any other workaround for this? I have a few people that want to VPN into our 192.168.x.x network from behind a home router setup for 192.168.x.x as well. Most of them don't know how or are unwilling to even try to change their network IP at home and changing it at the office would be a pain. Any help would be great.

Thanks again,

Kramer

 

[wlandymore]

I can't really think of too many ways around this.

It seems to be a shortcoming of the routers to pick this as the default, or just bad luck that the work network is on the same subnet.

However, it shouldn't be a big deal for home users to switch because all you have to do is switch the router IP and then have it give out DHCP addresses on the new subnet.

If they are unwilling to switch then they will either have to make entries in the hosts file so they can use DNS or they will have to use IP's. I think they will realize that it would be easier to switch one IP rather than create multiple entries or have to remember a whole lot of IP's.

Good luck.

 

[Canabian]

That's what I figured, thanks for the quick response by the way. This board rules!