Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
555
Views
0
Helpful
2
Replies

Can ANYONE get DNS to work with VPN client and PIX-515???

mobartz
Level 1
Level 1

‎07-06-2001 06:03 AM - edited ‎02-21-2020 11:22 AM

I posted a message last month, but got nowhere. Cisco TAC hasn't helped either. DNS queries simply do not behave properly with the version 3 client. The PIX pushes out the proper DNS server entries but they are not queried by the client.

Does anyone have any ideas??

Thanks,

Mike

-----

As the subject says, I'm working with a Cisco PIX-515 and the new v3.0.2 VPN client. Everything seems to work great, except on the Win98se machine that I'm using for testing, the system continues to use the ISP DNS resolvers instead of the internal one pushed out from the PIX.

A look at winipcfg reveals that the the internal DNS servers are listed, but doing a ping from the command line will access the public IP address of the machine that I'm trying to connect to, rather than the private IP address.

If I ping something for which there is NO public DNS entry, I get the proper internal ip address.

If I ping something for which there IS a public DNS entry, I get the public one instead of the private one.

Telnet, http, etc. all produce the same problem.

Any ideas? I've heard of using a hosts file to deal with this, but I want to avoid the maintenance nightmare of that.

Thanks,

Mike

Labels:
0 Helpful
2 Replies 2

mmellet
Level 3
Level 3

‎07-12-2001 01:10 PM

Check your DNS Server configuration. Sniff the packets if necessary. YOUR DNS server has got to be serving the external address to your remote clients for some reason. Make sure your DNS server is not querying an external DNS server. If nothing else works, try ripping out your IP stack in Windows and re-setting it up from scratch. You will likely to have to talk to Microsoft or a DNS certified administrator about this.

0 Helpful

snorton-sumc
Level 1
Level 1

‎08-13-2001 05:46 PM

I had the same problem, it seemed that hardcoded dns entries w/ 2 entries didn't get overwritten by the client.

I was able to get around it by using statically assigning only one dns server or by using dynamic entries.

you might also try the 3.03 client.

-Steve

0 Helpful
Customers Also Viewed These Support Documents