DNS across VPN tunnel?

Answered Question
May 6th, 2009

Hey guys,

I've got two firewalls providing an IPSec tunnel between two offices. The tunnel is up and talking, and everything seems OK. However, some of the hosts on the remote network are encountering DNS issues. The DNS and AD domain servers are all on my local network, and the remote users connect to the domain across the tunnel. Here's the kicker though: not all users are having this issue. Some workstations are resolving DNS just fine, while others are not at all. It's not a caching issue; I've verified that the working PCs are actually communicating properly with the DNS servers while the others are not.

Is there anything specific that needs to happen on the firewalls to ensure DNS traffic? My tunnel ACLs are set to encrypt all IP traffic between the two subnets, and I've enabled sysopt connect permit-ipsec to allow the traversal of encrypted traffic.


Overall Rating: 5 (1 ratings)
John Blakley Wed, 05/06/2009 - 11:40

How are you testing DNS across the tunnel? Are you just trying to hit a web page on certain hosts, and some work, some don't?

Correct Answer
bmcginn Wed, 05/06/2009 - 15:27

Do the PIXes have licenses for the number of devices behind them?

pondersean Wed, 05/06/2009 - 15:31

In the course of debugging I saw a curious message... regarding dropped sessions due to exceeding the number of inside hosts. I am getting this resolved now. Thanks very much for the help, guys!

bmcginn Wed, 05/06/2009 - 17:21

The license was out then?

Can you rate the post if it helped, please?

