
DNS and RDP issues

mbluemel
Level 1

I have set up a remote access VPN on a 5510 ASA for a customer, and although they can connect, collect mail and see their mapped drives, they do not get DNS resolution from the internal servers and are not able to use RDP to access the internal servers. The ASA is running version 7.2. I have tried recreating this in a lab environment and get the same problem. I am new to the ASA and not sure if there may be something in the policy that blocks these services. I have tried upgrading the lab equipment to 8.03 but still have the same problem. If anyone has any advice it would be much appreciated, as it looks like I have a few of these to install in the near future.


husycisco
Level 7

Hi Martin

Please attach your running config.

Regards

I can now RDP, but not by name, only by IP. DNS is not getting passed.

Martin,

Is 10.190.50.1 a domain controller with DNS service installed?

What happens when you run nslookup on the command line of a client that is connected via VPN and then type a hostname.domainname.suffix? Do you get a response? Does nslookup show 10.190.50.1 as the default server?

Hi guys,

I experienced the same problem with DNS, but I have resolved it now.

Actually I have a problem with RDP: when connected via VPN I can't run RDP to my local servers. I used the IP address instead, but that didn't work either.

Attached is my running configuration on the ASA 5505.

Please debug my config and send your help.

Thanks.

Hi Adil

Make the following change

access-list inside_nat0_outbound permit ip 192.168.2.0 255.255.255.0 192.168.2.224 255.255.255.224

no nat (inside) 0 192.168.2.2

nat (inside) 0 access-list inside_nat0_outbound

Regards

Please do not forget to rate the post if helpful

Adil,

Why did you grade 2?

Hi Husyine

I have tried the changes you gave me, but nothing changed. By the way, why did you put 192.168.2.224? This IP address is part of the VPN pool.

For your information, when I do nslookup the host is resolved! When I ping the IP address of the host there is no response. Only the DNS and inside interface can be pinged.

Do you have any other suggestions?

Thanks & regards.

Adil

Please rate posts if helpful. If it is not, go on with the collaboration till you resolve the issue.

Please post your current running config

Regards

Thanks for looking at this.

Martin,

Is 10.190.50.1 a domain controller with DNS service installed?

Can you connect to 10.190.50.1 via RDP?

Can a local client located on the inside interface, with a preferred DNS server of 10.190.50.1, resolve the IP addresses in the nslookup output you attached to names?

Hi there. Yes, 10.190.50.1 is a domain controller and runs the DNS service. Clients inside the network can ping the server by name. I can connect to 10.190.50.1 by RDP.

Martin,

Please download portqry.exe on the VPN client,

http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/portqryui.exe

extract it, then run portqryui. In the IP address section, type 10.190.50.1, choose "Manually input query ports", choose UDP, and port 53. If the query result returns correctly, then try issuing the following commands:

policy-map global_policy

class inspection_default

no inspect dns preset_dns_map

If you can't get a response, then add the following:

sysopt connection permit-ipsec

If still no response, let me know.

Regards
