Weird DNS forwarding issue from Concentrator 3000 - Lan to Lan IPsec
So I am banging my head against a wall with my current issue and any guidance/help would be very appreciated. My issue is that I cannot get certain DNS traffic through my Site to Site IPsec VPN. The Site to Site VPN is hosted by a Cisco Concentrator 3000 on the main site (192.168.0.17 - Cincinnati) and on the other side is a SonicWall (TZ210 - 192.168.1.1 - Chicago). Below is a link to a very simple diagram of the network.
Now, the background behind this issue is that there is a server in the Chicago office (192.168.1.2) that I need to add to the domain. The Domain controller (192.168.0.8) is in the Cincinnati office. When trying to join the domain, the Chicago server cannot join it because it cannot get DNS responses from the Cincinnati server/s (I have 2 domain controllers and the Chicago server cannot get DNS from either). I have complete connectivity through the tunnel and everything else that I can see works correctly.
I have done packet captures and I can see that the server in Cincinnati receives the DNS request, it sends the request off to the router and I can see the router is sending it off to the Concentrator via some static routes. On the other side of things, I can see the Chicago server send the requests, but it never receives any responses. My problem is, I do not know if the Concentrator is dropping the packets or if the SonicWall is dropping the packets. So a little help in this area will possibly put me in the right direction to track down the culprit.
Now, there are some weird things I have seen through experimenting which are throwing a wrench in this whole process for me. First off, if I set the server in Chicago's DNS server to the router in Cincinnati (192.168.0.1 - Untangled on the picture) I get DNS responses. Secondly, if I make the server in Chicago a DNS server (Non-domain) and have a client in Cincinnati use it as its DNS server, the client in Cincinnati gets DNS responses.
So, another question, is there any difference between a router's DNS response compared to that of a Windows DNS response?