Can't resolve dns

razorbakill · ‎04-23-2010

I setup a asa5505 with static ip info. I then created a vpn site to site vpn tunnel for main office to remote site. Everythig works fine except i can't resolve dns names. I setup both a local dns server address on the remote site asa in the defautl dns server group and an external entry, (isp's dns ). I enabled both dns lookup enabled for inside and outside. I can ping the intranet dns server at the main office from the remote site but it won't resolve any local resources by name. I can only access local resources by ip. Same for the external. Other than that all communication is good. Any thoughts as to why pc's on the remote site can not resolve dns names. Oh, and there is no dhcp setup at the remote site, all pc's are setup with the correct static ip info, ip, sub, GW, & local dns first, then isp's second.

Jennifer Halim · ‎04-23-2010

Are you allowing DNS traffic through your access-list at the remote site? When you say the remote PC is setup with local DNS, you mean the main office DNS server private ip address? Can you share the configuration?

razorbakill · ‎04-23-2010

Yes, the remote pc is using the ip address of the dns server at the main office.
For instance, the main office network 192.168.1.0/24 and remote is 192.168.2.0/24. The gateway to gateway is up and running. The remote pc has static ip info Ip: 192.168.2.100

sub: 255.255.255.0

DG 192.168.2.1

dns 192.168.1.80 & 81

I can ping the dns servers but I can't resolve any names to the local resources on the main office. I can ping anything on the 192.168.1.0/24 network form the remote site. Also, If I use the isp's dns as the secondary dns, I can't get out to the internet through it's local DG.

I wish I could post config but it was an end of day quick setup and I forgot to put the mamagement-access inside command in.

I've set these up before using the vpn site to site wizard without this problem before. Interesting proble that all IP comminication works, but I can't resolve dns either on the intranet or internet.

Jennifer Halim · ‎04-23-2010

For internet access from remote site, have you configured NAT?

Also, do you have ACL that might be blocking DNS?

If you test with DOS prompt, ie:

nslookup

server 192.168.1.80

What do you get? Request timeout?

razorbakill · ‎04-23-2010

Unforutantly I can't access the asa at the moment at the clients site 40 miles away, forgot to add remote mamngemet statement. But I just gave it a plain old startup config as always using defaults other than ip info. Entered in static ip, default gateway in static routes, and dns servers in the default server group, 1 local & 2 from isp. Used the vpn wizard to site up both sides of the tunnel using all defaults except where network info needed to be added. After that it's all default. I didn't create any custom acl's. I have to go back and make sure about isp dns servers, make sure there isn't an issue with isp. But the local dns should work finding local resources using dns over tunnel considering I can ping the dns server. Both the main and remote have the same isp with the same isp dns servers.

Thanks right up front for your input in helping me.