837 site to site vpn - communication problems between networks.

Unanswered Question
Apr 5th, 2008

Hi Cisco Gurus!


I've setup a VPN site to site between two networks. The office network is a static ip and the home network is dynamic.


I can ping the machines the other side of the network but there is no DNS resolving from the office side.


The major problem is I can't seem to use TCP protocols over the line. I can't RDP or VNC and it's not authorising my Windows domain users.


The strange thing is that after a while Exchange finds a way to connect through the network.


If one of you experts could take the time to help me out it would be most appreciated.


Many thanks, configs in txt files.



sundar.palaniappan Sun, 04/06/2008 - 08:14
User Badges:
  • Green, 3000 points or more

Since you have IP connectivity between the L2L clients but TCP is having issues, it's quite possible you may be having issues with MTU over the IPSEC tunnel. Can you configure the command 'ip tcp adjust-mss 1440' under the LAN interface to rule out the MTU problem.


HTH


Sundar

Mat_2001mat Sun, 04/06/2008 - 10:07

Hi Sundar,


Thank you for taking the time to reply to my problem. After trawling through different posts in the forums I found out about the MTU commands to reduce the size of packets being sent, and it seems to have resolved the issue. However, one thing I noted as strange is when I try to open an RDP session to a host on the other side of the VPN tunnel it won't connect, but if I enter the hostname it works fine. I'm not sure if this is normal in VPNs or a fault in my configuration.


The major issue I'm experiencing at the moment is DNS settings through the VPN.


At the Office side I have a Windows 03 Server running DNS, DHCP and AD which caters for the whole office network. The goal is to expand the Office network to my Home network. The two networks don't seem to be playing ball together though.


I'm not sure how to approach this. I have configured the DHCP server on the Home router to give the clients the DNS address of the 03 Server, but I think because it's on a different IP range there's a communication problem.


I get the standard "applying settings" hang for ages when connecting machines to the domain, which normally occurs when there are DNS issues. On initial impressions it seems I can resolve most host names from the Office end. However, the Office end cannot resolve hostnames on the Home end. So I'm guessing this is where the issue is residing.


I know it's a lot to read, so I appreciate anybody who takes the time to listen.


If somebody has any answers for me that would be brilliant or if anyone knows what's causing the communication issues between the Windows machines that would be great.


P.S. Thanks again to Sundar for taking the time to respond.


Many thanks

Matt

sundar.palaniappan Mon, 04/07/2008 - 14:31
User Badges:
  • Green, 3000 points or more

Is the DNS server on the 192.168.0.0/24 subnet? If it's on a different subnet, then your ACL 100 needs to include traffic from the DNS subnet to the remote subnet of 192.168.1.0/24 to be protected by IPSEC.


HTH


Sundar
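The two fixes Sundar suggests in this thread (the MSS clamp on the LAN interface and a crypto ACL that covers the DNS server's subnet) put together as an added IOS configuration example for the office router. This is not the poster's config from the attached txt files: the interface name, the second office subnet 192.168.2.0/24 for the DNS/AD server, the dynamic-map and transform-set names and the NAT ACL are all assumptions; only the 192.168.0.0/24 and 192.168.1.0/24 subnets and ACL 100 come from the thread.

```cisco
! Added example (not the thread's own config). Assumed addressing:
!   office LAN            192.168.0.0/24  on FastEthernet0/0
!   office DNS/AD subnet  192.168.2.0/24  on FastEthernet0/1 (hypothetical)
!   home LAN              192.168.1.0/24  (dynamic public IP, so the office
!                                          side uses a dynamic crypto map)
!
! 1. MSS clamp on each LAN-facing interface. TCP SYNs passing through get
!    their MSS rewritten to 1440, so segments still fit in a 1500-byte frame
!    after the ESP/IPsec headers are added and nothing needs fragmenting.
!    This is what fixes "ping works but RDP/VNC/Kerberos hang".
interface FastEthernet0/0
 description Office LAN
 ip address 192.168.0.1 255.255.255.0
 ip tcp adjust-mss 1440
!
interface FastEthernet0/1
 description Office server subnet (assumed)
 ip address 192.168.2.1 255.255.255.0
 ip tcp adjust-mss 1440
!
! 2. Crypto ACL: only traffic that matches a permit line is encrypted.
!    A DNS server on 192.168.2.0/24 would never reach the tunnel with
!    just the first line, so the home clients' queries go nowhere.
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! 3. If the office router also NATs to the internet, the NAT ACL must
!    exempt the same pairs, otherwise VPN-bound packets are translated
!    before the crypto map sees them and never match ACL 100.
!    (ACL 110 and its use in "ip nat inside source list 110 ..." are assumed.)
access-list 110 deny   ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
access-list 110 permit ip 192.168.2.0 0.0.0.255 any
!
! 4. The crypto map still has to reference ACL 100 (names assumed).
crypto dynamic-map DYN-HOME 10
 set transform-set ESP-AES-SHA
 match address 100
!
crypto map OFFICE-VPN 10 ipsec-isakmp dynamic DYN-HOME
```

The home router needs the mirror image: its crypto ACL must permit 192.168.1.0/24 to both 192.168.0.0/24 and 192.168.2.0/24, since IPsec proxy identities are negotiated per pair and a subnet missing on one side fails the SA. To check the result, `show crypto ipsec sa` lists one entry per local/remote pair with encaps/decaps counters, so a DNS-subnet pair whose counters stay at zero points straight at the ACL; for the MTU side, an extended ping from the router such as `ping 192.168.1.10 size 1400 df-bit` shows whether packets of that size cross the tunnel unfragmented.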
