We are having issues where users can connect to our PIX firewall with VPN client. But they cannot get access to any internal servers by name. I can ping servers by IP.
This started after we added a new DNS server, and removed the old one. We also added an ISA 2004 server.
But I don't believe it is the ISA server. See below.
The NIC-TCP/IP advanced settings show that when connected to the VPN, the Append these DNS suffixes is checked and our domain is entered.
When not connected we have append primary and connection specific DNS suffixes, and the append parent suffixes of primary DNS checked. There is NO domain name entered.
When connected the VPN adapter has the append these DNS suffixes with domain name, and DNS suffix for this connection has the domain name entered also.
On the PIX firewall using the PDM software, under Monitoring the IPSec VPNs, I see my connection and only a couple of packets. And I cannot ping by name.
If I go to the Local area connection settings, advanced DNS, and change from append these suffixes to append primary and connection specific DNS, with append parent checked, I can ping by name. This setting once disconnected goes back to append these suffixes, once connected to VPN again.
Or, if I add the domain to DNS suffix for this connection, I can then ping. Although I found that once you disconnect, and flush DNS, when you reconnect the VPN it does not resolve names.
Also some users have found out that if they allow the VPN connection to stay connected for anywhere between 15 and 30 minutes, it will start resolving, without changing anything.
Any clues how to make this work?