weird no name resolution over VPN issue!!

Feb 5th, 2007

I am a newbie when it comes to Cisco equipment. We have a PIX firewall (506E) and have clients using client VPN software. Users VPN in to one site.

Everything was great until a couple of weeks ago.

I have a weird issue where our users who use the VPN client cannot get name resolution. But if they allow the connection to sit for about 15 minutes, resolution works.

PCs that were never on our domain can use the VPN client and have no problems at all. My home PC has NO such problems.

Windows 2000/2003 servers. Win 2000 Domain. Exchange 2000.

We just recently added a new DNS server and removed the old one. Also upgraded our ISA server to 2004 from 2000.

I know our internal IP is actually a public address. This has been like this for several years, and will be switched to a private one in a month. We inherited this!!!

    Connection-specific DNS Suffix . : corporate.company.com
    Description . . . . . . . . . . . : Cisco Systems VPN Adapter
    Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 172.16.0.116
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 130.1.X.XXX 130.1.X.X

    C:\Documents and Settings\wmiller>ping mail1
    Ping request could not find host mail1. Please check the name and try again.

I can terminal service to internal servers by using the IP, not name.

Any ideas? Where can I start gathering log files or troubleshooting this?

acomiskey Mon, 02/05/2007 - 09:58

Check your default domain name being supplied to clients "corporate.company.com".

I had similar issues and was not supplying correct domain name.

Where does the dns server sit? Can you ping it from vpn? Does pix have a route to it?

brentwoodind Mon, 02/05/2007 - 11:18

acomiskey,

Thank you so much for the reply.

The default domain is correct. Although the PIX has a different domain name assigned to it in PDM software.

The DNS servers sit inside the PIX. It is a single domain, with 2 DNS servers.

I will have to re-verify if I can ping in VPN. Last I recall, I could not ping.

Where in the config do I look for a route? Or should I post my config?

Like I said this was inherited, and I am very new to PIX.

acomiskey Mon, 02/05/2007 - 11:25

Actually, since you say that some computers work ok, I would not suspect a routing problem, but "show route" will display routes in pix.

Might as well post a sanitized config. I'm sure someone here can help you out.

brentwoodind Mon, 02/05/2007 - 12:13

acomiskey,

Again thank you for the response.

This is very perplexing. I agree that it is not a routing issue. It is weird that PC/laptops not in the domain do not have this issue. (not that I am aware) I have tested several including my own home PC and they work as expected.

We have 3 remote sites that are connected by routers. But all clients VPN in to the corp site.

Attached is my config:
