Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
689
Views
0
Helpful
1
Replies

Client Registering with DNS - VPN Client

blaskoski
Level 1
Level 1

‎03-03-2008 07:56 AM - edited ‎02-21-2020 03:35 PM

I am using a Cisco VPN Concentrator and a Windows XP workstation. I have

created a "wide open" profile on the concentrator to allow me to log onto my domain over

the tunnel and access all my resources locally. The profile is wide open, and split

tunnelling is not enabled, so all traffic is routed over the tunnel while established.

This works very well.

However, the VPN Client PC gets an Ip from the ISP. When I log onto the machine and it

registers on my domain, the VPN Client assigns an address. In my DNS at the main campus,

the workstation gets registered in DNS with both IP's. The ISP is not valid (the

192.168.254.1) because I do not route that addess, nor do I want too.

See below....

U:\>ipconfig

> Windows IP Configuration

>

> Ethernet adapter Local Area Connection:

> Connection-specific DNS Suffix . : domain.invalid

> IP Address. . . . . . . . . . . . : 192.168.254.1

> Subnet Mask . . . . . . . . . . . : 255.255.255.0

> Default Gateway . . . . . . . . . :

>

> Ethernet adapter Local Area Connection 3:

> Connection-specific DNS Suffix . : bcne-master1.bcne

> IP Address. . . . . . . . . . . . : 192.168.52.3

> Subnet Mask . . . . . . . . . . . : 255.255.255.0

> Default Gateway . . . . . . . . . : 192.168.52.1

>

> U:\>nslookup testremote

> Server: jupiter.bcne-master1.bcne

> Address: 10.201.8.20

>

> Name: testremote.bcne-master1.bcne

> Addresses: 192.168.254.1, 192.168.52.16

>

So only the 192.168.52.16 is valid, the other isn't routed. How do I prevent this

behavior, either on the concentrator, on the client, or on the domain. I do not want both

addresses registered.

Thanks

Labels:
0 Helpful
1 Reply 1

didyap
Level 6
Level 6

‎03-07-2008 01:59 PM

You can configure the vpn client to not to route the traffic with source IP assigned by the ISP via the vpn tunnel. Following link may help you

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml#vpn405

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents