Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
863
Views
3
Helpful
7
Replies

Mutli DNS over IPSec

dumaschrist
Level 1
Level 1

ā€Ž07-02-2013 08:25 AM - edited ā€Ž02-21-2020 07:00 PM

Hi,

We have an issue with one of our users using IPSec.

We have 2 DNS register in IPSec settings and for one user we have set enableLocalLan to 1 ( to keep  access to his home printer ).

This user need to access an intranet application.

But sometimes (we think randomly for now) he got an error 404 page not found.

Doing a tracert at this time, we notice that it try to access aplication trought internet, not our network.

So, have you experiencing this issue ?

Thanks

Labels:
0 Helpful
7 Replies 7

Michael Muenz
Level 5
Level 5

ā€Ž07-03-2013 04:19 AM

Do an "ipconfig /all" on the client when logged in and check DNS settings and if DNS Servers and resolved networks are routed via VPN.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts

dumaschrist
Level 1
Level 1

ā€Ž07-03-2013 05:46 AM

Thanks,

Yes we did it but all DNS are correctly routed when the client logged in.

We have checked if the client disconnect when the error occurs but it still connected.

0 Helpful

Michael Muenz
Level 5
Level 5
In response to dumaschrist

ā€Ž07-03-2013 05:50 AM

Ok, don't know if I understand everything, sometime your clients geht a DNS name resolved with an internet IP, and not the IP which would be resolved via interal VPN DNS servers?

Can you eplain with an example? Client and Server IP, DNS-Name etc.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
0 Helpful

dumaschrist
Level 1
Level 1
In response to Michael Muenz

ā€Ž07-03-2013 07:43 AM

Ok,

Note that this user use a laptop.

We have 2 DNS set in IPSec :  192.168.0.245

                                              192.168.1.245

And to keep access for our user home printer, we set enableLocalLan=1 (I think it's the problem)

Intranet App can be reach with : remote.domain.com/app (with both DNS above)

But remote.domain.com (by internet) send us to an hosted directory currently empty

So if we try to access remote.domain.com/app/default.aspx outside of our network, it return 404 Page not found.

Most of the time everything goes well but, sometimes it seems that it use wrong DNS (8.8.8.8) so... 404 error

I hope you understand,

Thanks

0 Helpful

Michael Muenz
Level 5
Level 5
In response to dumaschrist

ā€Ž07-03-2013 07:50 AM

Which networks do you tunnel over  IPSEC?

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
0 Helpful

dumaschrist
Level 1
Level 1
In response to Michael Muenz

ā€Ž07-03-2013 07:54 AM

IPSec tunnel to 192.168.3.254 routed to 192.168.0.254 and 192.168.1.254

0 Helpful

Michael Muenz
Level 5
Level 5
In response to dumaschrist

ā€Ž07-03-2013 07:57 AM

These are your DNS server, I mean the split tunnel config? Just post your acl's

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
0 Helpful
Customers Also Viewed These Support Documents