Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
493
Views
0
Helpful
4
Replies

weird no name resolution over VPN issue!!

brentwoodind
Level 1
Level 1

‎02-05-2007 08:55 AM - edited ‎02-21-2020 02:51 PM

I am a newbie when it comes to Cisco equipment. We have a PIX firewall (506E) and have clients using client VPN software. Users VPN in to one site.

Everything was great until a couple of weeks ago.

I have a weird issue were our users who use VPN client cannot get name resolution. But if they allow the connection to sit for about 15 minutes, resolution works.

PC's that were never on our domain can use the VPN client and have no problems at all. My home PC has NO such problems.

Windows 2000/2003 servers. Win 2000 Domain. exchange 2000.

We just recently added a new DNS server and removed the old one. also upgraded our ISA server to 2004 from 2000.

I know our internal IP is actual a public address. This has been like this for several years, and will be switched to a private one in a month. we inherited this!!!

Connection-specific DNS Suffix . : corporate.company.com

Description . . . . . . . . . . . : Cisco Systems VPN Adapter

Physical Address. . . . . . . . . : 00-05-9A-3C-78-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 172.16.0.116

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 130.1.X.XXX 130.1.X.X

C:\Documents and Settings\wmiller>ping mail1

Ping request could not find host mail1. Please check the name and try again.

I can terminal service to internal servers by using the IP, not name.

Any ideas? Where can I start gathering log files or troublehooting this?

Labels:
0 Helpful
4 Replies 4

acomiskey
Level 10
Level 10

‎02-05-2007 09:58 AM

Check your default domain name being supplied to clients "corporate.company.com".

I had similar issues and was not supplying correct domain name.

Where does the dns server sit? Can you ping it from vpn? Does pix have a route to it?

0 Helpful

brentwoodind
Level 1
Level 1
In response to acomiskey

‎02-05-2007 11:18 AM

acomiskey,

thank you so much for the reply.

The default domain is correct. Althought the PIX has a different domain name assigned to it in PDM software.

the DNS servers sit inside the PIX. It is a single domain, with 2 DNS servers.

I will have to re-verify if I can ping in VPN. Last I recall, I could not ping.

Where in the config do I look for a route? Or should I post my config?

Like I said this was inherited, and I am very new to PIX.

0 Helpful

acomiskey
Level 10
Level 10
In response to brentwoodind

‎02-05-2007 11:25 AM

Actually, since you say that some computers work ok, I would not suspect a routing problem, but "show route" will display routes in pix.

Might as well post a sanitized config. I'm sure someone here can help you out.

0 Helpful

brentwoodind
Level 1
Level 1
In response to acomiskey

‎02-05-2007 12:13 PM

acomiskey,

Again thank you for the response.

This is very perplexing. I agree that it is not a routing issue. It is weird that PC/laptops not in the domain do not have this issue. (not that I am aware) I have tested several including my own home PC and they work as expected.

we have 3 remote sites that are connected by routers. But all clients VPN in to the corp site.

Attached is my config:

Preview file
8 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents