DNS and RDP issues

Feb 20th, 2008

I have set up a remote access VPN on a 5510 ASA for a customer, and although they can connect, collect mail and see their mapped drives, they do not get DNS resolution from the internal servers and are not able to use RDP to access the internal servers. The ASA is running version 7.2. I have tried recreating this in a lab environment and get the same problem. I am new to the ASA and not sure if there may be something in the policy that blocks these services. I have tried upgrading the lab equipment to 8.03 but still have the same problem. If anyone has any advice it would be much appreciated, as it looks like I have a few of these to install in the near future.

husycisco Fri, 02/22/2008 - 14:02

Martin,

Is 10.190.50.1 a domain controller with DNS service installed?

What happens when you run nslookup in the command line of a client that is connected via VPN and then type a hostname.domainname.suffix? Do you get a response? Does nslookup point to 10.190.50.1 as the default server?

mannschaft Sun, 02/24/2008 - 13:42

Hi guys,

I experienced the same problem with DNS, but I have resolved it now.

Actually I have a problem with RDP: when connected via VPN I can't run RDP to my local servers. I used the IP address instead, but that didn't work either.

Attached is my running configuration on the ASA 5505.

Please debug my config and send your help.

Thanks.

husycisco Mon, 02/25/2008 - 00:04

Hi Adil

Make the following change

access-list inside_nat0_outbound permit ip 192.168.2.0 255.255.255.0 192.168.2.224 255.255.255.224

no nat (inside) 0 192.168.2.2

nat (inside) 0 access-list inside_nat0_outbound

Regards

Please do not forget to rate the post if helpful

mannschaft Mon, 02/25/2008 - 09:38

Hi Husyine

I have tried the changes you gave me but nothing changed. By the way, why did you put 192.168.2.224? This IP address is part of the VPN pool.

For your information, when I do nslookup the host is resolved! When I ping the IP address of the host there is no response. Only the DNS and inside interface can be pinged.

Do you have any other suggestions?

Thanks & regards.

husycisco Thu, 02/28/2008 - 02:07

Adil

Please rate posts if helpful. If it is not, go on with the collaboration till you resolve the issue.

Please post your current running config

Regards

husycisco Mon, 02/25/2008 - 01:37

Martin,

Is 10.190.50.1 a domain controller with DNS service installed?

Can you connect to 10.190.50.1 via RDP ?

Can a local client located on the inside interface, with a preferred DNS server of 10.190.50.1, resolve the IP addresses in the nslookup output you attached to names?

mbluemel Mon, 02/25/2008 - 01:46

Hi there. Yes, 10.190.50.1 is a domain controller and runs the DNS service. Clients inside the network can ping the server by name. I can connect to 10.190.50.1 by RDP.

husycisco Thu, 02/28/2008 - 02:05

Martin,

Please download portqry.exe on the VPN client,

http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/portqryui.exe

extract it, then run portqryui. In the IP address section, type 10.190.50.1, choose "Manually input query ports", choose UDP, and port 53. If the query result returns correctly, then try issuing the following commands

policy-map global_policy

class inspection_default

no inspect dns preset_dns_map

If you can't get a response, then add the following

sysopt connection permit-ipsec

If still no response, let me know.

Regards
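
Added example, not part of the thread: a Python equivalent of the portqry check described above, to be run from the VPN client. It sends one DNS A query to UDP 53 and tries a TCP connect to the default RDP port 3389; the server address is the one from the thread, and the hostname is the thread's own placeholder, to be replaced with a real internal name.

```python
import random
import socket
import struct

def build_query(name, txid=None):
    """Build a minimal DNS A-record query (RFC 1035 wire format)."""
    txid = random.randrange(0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid):
    """Return (rcode, answer_count); raise ValueError if it is not our reply."""
    if len(data) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit clear
        raise ValueError("not a response to this query")
    return flags & 0x000F, ancount

def probe_dns(server, name, timeout=3.0):
    """Send one query over UDP/53. None means nothing came back."""
    query = build_query(name)
    txid = struct.unpack("!H", query[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout, or ICMP unreachable surfaced by the OS
            return None
    return parse_reply(data, txid)

def probe_tcp(server, port=3389, timeout=3.0):
    """True if a TCP handshake completes (3389 is the default RDP port)."""
    try:
        with socket.create_connection((server, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    server = "10.190.50.1"               # internal DNS server / DC from the thread
    name = "hostname.domainname.suffix"  # placeholder: use a real internal name
    print("UDP/53  :", probe_dns(server, name))  # None, or (rcode, answers)
    print("TCP/3389:", probe_tcp(server))
```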
