Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
700
Views
0
Helpful
9
Replies

enable to connect to internal server by name with vpn remote access

ybelkassem
Level 1
Level 1

‎05-28-2012 05:25 AM - edited ‎02-21-2020 06:05 PM

hi ,

we have  users that connect to internal server via a  vpn remote acces configured on  ASA  ,

when they use ip address they can connect successfully to the servers but  when they use the name they can't connect .

i have test the connexion between tthe vpn pool and the serves it's ok .and wehen i made a ping -a on a internal servers from a pc connected by vpn the pc find the name of the servers but when i made nslookup it shows me  the ip adress of the interanl dns and request time-out .

please help me to solve this issue .

Labels:
0 Helpful
9 Replies 9

Jennifer Halim
Cisco Employee
Cisco Employee

‎05-28-2012 05:28 AM

do you try to connect just by name or with its fully qualified name (fqdn)? can you try with fqdn and see if it works?

also if it works, you can add the "default-domain" configuration under group-policy.

0 Helpful

ybelkassem
Level 1
Level 1
In response to Jennifer Halim

‎05-28-2012 05:34 AM

thanks for you response ,

i want to tell you that not all users have this problem ,

there are users that can connect by name  from 3g from one provider but there are others users that use other 3g provider ,sometimes they wok fine somestimes they not work

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to ybelkassem

‎05-28-2012 05:49 AM

Hmm, that sounds very random, and I assume that if they are connected to LAN/wired/wireless, there is no issue, right?

Do you know if those users that use the 3g provider that does not resolve internal dns happens to be the same 3g provider? Just trying to see if it is something on the 3g that might be blocking it.

0 Helpful

ybelkassem
Level 1
Level 1
In response to Jennifer Halim

‎05-28-2012 06:02 AM

no it's from different provider .

i have make the default domain but i still receive the request time out

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to ybelkassem

‎05-28-2012 06:08 AM

Did you try to disconnect from the vpn client after the default-domain has been added, and reconnect again before testing it?

0 Helpful

ybelkassem
Level 1
Level 1
In response to ybelkassem

‎05-28-2012 07:37 AM

yes i have disconnected from the vpn after i added the default-domain commande

i have attached the cnfiguration ,you can  check it i tell me what is wrong on it .

128829-asa.txt.zip
0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to ybelkassem

‎05-28-2012 08:47 PM

If you try to resolve the full name instead of just the server name, does it work?

0 Helpful

ybelkassem
Level 1
Level 1
In response to ybelkassem

‎05-29-2012 01:02 AM

it does not work ,

how ca i debug and see if the traffic arrive to the asa from  the 3g connexion

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to ybelkassem

‎05-29-2012 04:39 AM

If it works from some 3g and not from other 3g, I don't think it's issue with the ASA nor the VPN Client. It sounds more like a 3g connection somehow causing the issue.

BTW, I assume that you can ping your DNS server from the VPN Client?

To check if traffic arrive, check the output of "show cry ipsec sa" and see the encrypts and decrypts counters

0 Helpful
Customers Also Viewed These Support Documents