I set up an ASA 5505 with static IP info. I then created a site-to-site VPN tunnel from the main office to the remote site. Everything works fine except I can't resolve DNS names. I set up both a local DNS server address on the remote site ASA in the default DNS server group and an external entry (the ISP's DNS). I enabled DNS lookup for both inside and outside. I can ping the intranet DNS server at the main office from the remote site, but it won't resolve any local resources by name. I can only access local resources by IP. Same for the external. Other than that, all communication is good. Any thoughts as to why PCs on the remote site cannot resolve DNS names? Oh, and there is no DHCP set up at the remote site; all PCs are set up with the correct static IP info: IP, subnet, GW, and local DNS first, then the ISP's second.
Are you allowing DNS traffic through your access-list at the remote site? When you say the remote PC is set up with local DNS, you mean the main office DNS server's private IP address? Can you share the configuration?
Yes, the remote PC is using the IP address of the DNS server at the main office. For instance, the main office network is 192.168.1.0/24 and the remote is 192.168.2.0/24. The gateway-to-gateway tunnel is up and running. The remote PC has static IP info: IP 192.168.2.100
dns 192.168.1.80 & 81
I can ping the DNS servers but I can't resolve any names to the local resources at the main office. I can ping anything on the 192.168.1.0/24 network from the remote site. Also, if I use the ISP's DNS as the secondary DNS, I can't get out to the internet through its local DG.
I wish I could post the config, but it was an end-of-day quick setup and I forgot to put the management-access inside command in.
I've set these up before using the VPN site-to-site wizard without this problem. Interesting problem that all IP communication works, but I can't resolve DNS either on the intranet or internet.
Unfortunately I can't access the ASA at the moment at the client's site 40 miles away; I forgot to add the remote management statement. But I just gave it a plain old startup config as always, using defaults other than IP info. I entered the static IP, the default gateway in static routes, and DNS servers in the default server group, 1 local and 2 from the ISP. I used the VPN wizard to set up both sides of the tunnel using all defaults except where network info needed to be added. After that it's all default. I didn't create any custom ACLs. I have to go back and make sure about the ISP DNS servers, to make sure there isn't an issue with the ISP. But the local DNS should work finding local resources using DNS over the tunnel, considering I can ping the DNS server. Both the main and remote sites have the same ISP with the same ISP DNS servers.
Thanks right up front for your input in helping me.