
weird DNS resolution with split tunneling

Jul 18, 2001
Hi folks, I'm having a strange problem after enabling split tunneling for IPSEC VPN clients on my Pix 515UR. My remote users mainly use tunnels to connect their Outlook XP clients to the Exchange 2000 server at the home office via MAPI. After enabling split tunneling, their requests to the Exchange server resolve to the machine's outside address whilst tunneled in. I can get around this by placing an entry in each affected client's host file for the Exchange server's inside address, but this is not a good solution. Anybody been down this road before that can help me out? Thanks........Jeff
 
Hmm, probably because you also assign a domain name to them and you don't connect using a fully qualified domain name but only the host portion. Try removing the domain name assignment or using the FQDN of the Exchange server.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Thanks for the reply, I'm afraid I didn't supply enough details. Let me correct, first here is the vpngroup config from my Pix:

vpngroup remsales address-pool sales
vpngroup remsales dns-server 10.10.0.15 10.10.0.22
vpngroup remsales wins-server 10.10.0.5 10.10.0.9
vpngroup remsales default-domain mydomain.com
vpngroup remsales split-tunnel ipsec
vpngroup remsales idle-time 3600
vpngroup remsales password ********

In testing, I need do nothing more than ping the exchange server before and after establishing a VPN connection. Before, I get the outside static address mapping and after connecting I should now get the inside 10.10.0.0 address. Most of my remote users do get the inside address and I do too using a test machine in my office with an outside dialup ISP connection but a handful of my remotes still get the outside address. Very weird and I'm completely stuck ;-(
 
Could be the sequence of DNS servers on the local PC: if they already have some in their DNS settings, maybe it adds your internal ones, and therefore they get the official address if that is the first DNS server in the row. Have them do an "ipconfig /all" once they are connected to see what's configured.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
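To make Jan's "ipconfig /all" check repeatable across a handful of remote PCs, here is an added example script (not from this thread or either poster) that parses the output and reports the DNS server order per adapter, flagging the case described above: a public ISP resolver listed ahead of the internal resolvers the PIX hands out (10.10.0.15 and 10.10.0.22 from the vpngroup config). The sample ipconfig output and the adapter names are constructed for the example; it also assumes, for simplicity, that adapters are consulted in the order ipconfig prints them (Windows actually follows its adapter binding order, which ipconfig does not show directly).

```python
"""Report the DNS resolver order a Windows VPN client will use.

Parses `ipconfig /all` output and flags a public resolver listed ahead of
the internal resolvers from the PIX vpngroup config, which would make a
short name such as "exchange" resolve to the outside static address.
Sample output below is constructed for this example, not a real capture.
"""
import re

# Internal resolvers taken from the vpngroup config in the thread.
INTERNAL_DNS = {"10.10.0.15", "10.10.0.22"}

# Constructed `ipconfig /all` sample: the ISP dial-up adapter is listed
# before the VPN adapter, so its resolver is reached first.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : remote-laptop
   Primary Dns Suffix  . . . . . . . :
   DNS Suffix Search List. . . . . . : mydomain.com

PPP adapter ISP Dialup:

   Connection-specific DNS Suffix  . : isp.example
   IP Address. . . . . . . . . . . . : 203.0.113.45
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       198.51.100.54

Ethernet adapter Cisco VPN Adapter:

   Connection-specific DNS Suffix  . : mydomain.com
   IP Address. . . . . . . . . . . . : 10.10.50.7
   DNS Servers . . . . . . . . . . . : 10.10.0.15
                                       10.10.0.22
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")          # "PPP adapter X:"
DNS_LINE_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)?\s*$")
CONTINUATION_RE = re.compile(r"^\s{20,}(\S+)\s*$")           # extra servers, indented


def parse_dns_servers(text):
    """Return {adapter_name: [dns, ...]} in the order ipconfig prints them."""
    adapters = {}
    current = None
    in_dns_block = False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            adapters[current] = []
            in_dns_block = False
            continue
        if current is None:          # still in the global header section
            continue
        m = DNS_LINE_RE.match(line)
        if m:
            in_dns_block = True
            if m.group(1):
                adapters[current].append(m.group(1))
            continue
        if in_dns_block:
            m = CONTINUATION_RE.match(line)
            if m:
                adapters[current].append(m.group(1))
                continue
            in_dns_block = False     # any other line ends the DNS Servers block
    return adapters


def diagnose(adapters, internal=INTERNAL_DNS):
    """Flatten resolvers in printed adapter order (assumption: that is the
    order queries are tried) and list any public resolver that precedes
    the first internal one; "ok" is True only when an internal resolver
    comes first."""
    ordered = [dns for servers in adapters.values() for dns in servers]
    first_internal = next((i for i, d in enumerate(ordered) if d in internal), None)
    preceding = ordered if first_internal is None else ordered[:first_internal]
    return {
        "order": ordered,
        "external_before_internal": list(preceding),
        "ok": first_internal is not None and not preceding,
    }


if __name__ == "__main__":
    found = parse_dns_servers(SAMPLE_IPCONFIG)
    for adapter, servers in found.items():
        print(f"{adapter}: {', '.join(servers) or '(none)'}")
    result = diagnose(found)
    if result["ok"]:
        print("OK: internal resolver is first")
    else:
        print("PROBLEM: public resolver(s) tried before internal:",
              ", ".join(result["external_before_internal"]))
```

Run it against a saved `ipconfig /all > dns.txt` from one of the misbehaving clients by swapping `SAMPLE_IPCONFIG` for the file contents; a machine that shows the ISP resolver first is the one that will hand back the outside static address for the Exchange host.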
 