Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
301
Views
0
Helpful
3
Replies

VPN Name resolution issue

chris.mckenna
Level 1
Level 1

‎11-06-2002 07:35 AM - edited ‎02-21-2020 12:09 PM

We are using a PIX 506 to terminate our VPN connections. The clients are using the 3.6.2 version of the Cisco client. We have configured the PIX to use a split tunnel. Our problem is that once the clients connect to the VPN they can no longer resolve local device names. They are bale to ping local devices by IP address but if you try to ping by name you get unknown host error. We have tried adding entries to the client hosts files and this seems to work sometimes but not all the time. Our clients are road warriors that connect from home and from client offices. Setting up local networks is not really an option for us so we chose to use the split tunnel design. All routing is functioning correctly as we can reach all addresses by IP and can reach all servers that are listed in DNS correctly. The big problem is Local Exchange servers and local printers.

Any suggestions would be very appreciated.

Chris

Labels:
0 Helpful
3 Replies 3

sskillin
Level 1
Level 1

‎11-07-2002 01:29 PM

Sounds like NT4...So, when you're at a "remote office", while connected you can reach the "main office" servers by name but not the local resources where you are, correct? The lmhosts file should take care of this, I would guess, or you can populate the currently active name resolver (the "home office" WINS or DNS) with this info.

0 Helpful

chris.mckenna
Level 1
Level 1
In response to sskillin

‎11-07-2002 01:44 PM

The clients are w2k and xp. You are correct that name resolution at the main office (the site the vpn provides connectivity to) works fine and the name resolution on the local network does not work. I am not real familiar with lmhosts but do not think that will work for us. Our clients are mobile working form different offices I can only assume they would have to change the lmhost file with the appropriate entries for every office they visited? One thing I am curious about is the setting within the vpn client to allow support for local networks. We are running a split tunnel and it is my understanding that you do not need to enable support for local networks if you run the split tunnel. Does anyone know if this is a correct assumption. Also I know how to tell the client to support local networks but how is this configured on a PIX 506? Could this help local name resolution we are able to ping all destinations (local netowork, main office, and internet) we just don't get name resolution on the local network.

0 Helpful

MrCrowther
Level 1
Level 1

‎11-15-2002 04:34 PM

What the users are not seeing is UDP ports for NetBIOS. This is typically blocked to reduce broadcast traffic. I think it's port 53 or 139...anyway, try looking for help regarding the command 'ip helper-address'.

HTH

Jerry

0 Helpful
Customers Also Viewed These Support Documents