Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
5
Replies

DNS/WINS name translation over PIX 500 series firewall

pbecker
Level 1
Level 1

‎10-06-2005 07:16 AM - edited ‎02-21-2020 12:26 AM

I am having trouble using host names for Remote Desktop access over VPN tunnels using PIX 501, 506, and 515 firewalls. I have a WINS server loaded at each office, and I can use host names with the VPN client outside the networks, but not between locations.

How can I configure the PIX firewalls to allow DNS/WINS name translation for use with Remote Desktop from within the VPN tunnels?

0 Helpful
5 Replies 5

umedryk
Level 5
Level 5

‎10-12-2005 01:49 PM

As far as I know, you cannot translate within the tunnels.

0 Helpful

jackko
Level 7
Level 7

‎10-12-2005 05:35 PM

assuming you are referring to lan-lan vpn between those sites/devices as below:

net1 <--> pix501 <--> internet <--> pix515 <--> net2

with net1 pc, you can point to the dns server that is located in net2. the catch is that all dns will then be forwarded to net2 and consuming more bandwidth over the internet.

0 Helpful

pbecker
Level 1
Level 1
In response to jackko

‎10-12-2005 07:50 PM

Thanks for the suggestion. However, I have a mesh of VPN tunnels between 9 different locations. Pointing to one remote DNS server would only help that one location. I was hoping for some kind of WINS query command that would translate hostnames off the local server to whichever location is trying to access it. As I said, the VPN client is able to allow host names to connect instead of IP addresses, why can't PIX to PIX tunnels?

0 Helpful

jackko
Level 7
Level 7
In response to pbecker

‎10-12-2005 08:19 PM

the reason being by using a vpn client to establish the vpn, as the name suggested, it's a client/server model so the server can push the policy including the dns server; whereas with a pix-pix vpn, or i should say lan-lan vpn, it's more like to join two networks together.

providing you've a dns server for the remote vpn client to point to, you may configure the dhcp server on each site to point to the same dns server.

0 Helpful

redray8
Level 1
Level 1
In response to pbecker

‎10-12-2005 11:11 PM

I am not sure if I understand your topology, if your PIX's are serving as both IPSec endpoints and client VPN (PPTP or otherwise), the client VPN cannot route properly to your remote IPSec endpoints because both tunnels are incoming at the outside interface.

But you mention a TS server. If you configure Push/Pull replication of the WINS servers across the IPSec tunnels, an inside (not client VPN) host should be able to be configured as h-mode NetBIOS client and query the local WINS server to resolve remote IPs. With push/pull replication though, you have to be careful about Master Browser elections and that you block Master Browser advertisements across the WAN/IPSec tunnels.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card