Using Cisco Router To Route Host Instead Of Adding To Windows Host File

  • Using Cisco Router To Route Host Instead Of Adding To Windows Host File

    I may have the topic wrong, not sure the right word to describe what I'm trying to do.

    I have a site-to-site VPN set up in which computers on 1 side can ping the server IP address on the other side. But I need to be able to ping the hostname of the server, and the only way I can do it is if I edit the host file on the computers. Is there something I can add in a Cisco configuration to eliminate editing the host file? I was reading on Mapping Hostnames to IP Addresses, but I'm not sure if that's the right thing. It has a step of entering in a port #.

    I have Cisco 1941, ASA 5510, ASA 5515. If there is a way, and someone could show me how to do it, or lead me in the right direction on 1 of these, I should be able to figure out the others.

    Also, I have a Cisco on one side, and Sophos UTM 320 on the other. Would I have to do it on both sides? Sophos is on the computer side. Hope not, 'cause then I'd have to figure out the Sophos.


    Thanks
    Last edited by Kobe 310; 13th April 2017, 16:21.

  • #2
    Are both sides on the same company network? i.e. same company for both sides of the tunnel?

    If it were my network I'd be looking at using DNS to accomplish this. We have many, many sites and I can ping any host in any site and all I require is DNS configured properly.

    Site 1 and Site 2 should in essence, if they are the same company, have a DNS server on each side.

    A bit more about your setup would help us.

    • #3


      Yes, I have 1 DNS server on 1 side (server side). If I static the IPv4 DNS on the computers to point to my DNS server it works. Problem is, most computers are laptops; when employees take them home, the alternative DNS server (Google, Comcast) won't always take over, and will still look for my DNS server.

      Not great at understanding DNS, but if I set up a DNS server on the computer side, and set up a forwarding address of the IP address of the server I'm trying to resolve, even though it lives on the other side, would that be configuring it correctly?

      I have my Cisco 1921 DNS on the computer side, set up to point to my DNS server, but that doesn't work. Was hoping there was something I could do in Cisco.




      • #4
        How do you handle host addresses on the 'computer side'? If there's DHCP working, that address lease should include a DNS server address. Cisco devices routinely include the ability to issue addresses, so as long as that's configured correctly, and the tunnel is up between sites, you should be fine. For those devices that travel, when they're not connected to your system, they should be getting DNS from wherever they're getting their addresses from at that point in time.

        If you're using manual IPs assigned to clients on the computer side, how do they deal with not being connected when they're away?
        *RicklesP*
        MSCA (2003/XP), Security+, CCNA

        ** Remember: credit where credit is due, and reputation points as appropriate **

        • #5
          As with Rickles, you will need a DHCP server set up so that your clients can receive an IP address and then the DNS server IP address; this can be across a VPN tunnel.

          Your clients won't work from home unless you are connected to a VPN and able to get a DNS address from that. Remember, your internal addresses are not visible on the internet.

          • #6


            Originally posted by RicklesP
            How do you handle host addresses on the 'computer side'? If there's DHCP working, that address lease should include a DNS server address. Cisco devices routinely include the ability to issue addresses, so as long as that's configured correctly, and the tunnel is up between sites, you should be fine.
            I have my DNS server address in the DHCP config, but for some reason it doesn't work. I assumed that was all I needed to do. This particular site-to-site has been up for several years, but I haven't been in a position where I had to rely on a hostname.

            We got a new software company for one of our programs, which I had to set up on about 75 computers. I had to set up a fax server (this was the server you were helping me with earlier with the RAID issue... thanks again for your help!!!) and they programmed their side to look for the hostname of the fax server, so each one of these computers needs to be able to ping the hostname.


            Originally posted by RicklesP
            If you're using manual IPs assigned to clients on the computer side, how do they deal with not being connected when they're away?
            I used to, DNS only, but I've had several phone calls that people couldn't get on the internet, and it was the DNS, so I did away with static'ing the laptops.


            Originally posted by wullieb1
            Your clients won't work from home unless you are connected to a VPN and able to get a DNS address from that, remember your internal addresses are not visible on the internet.
            Yeah, I use Cisco Client and AnyConnect. I get my DNS server IP, but I still have to enter the IP and hostname in the hostname file for it to ping.


            Now when you guys mention DHCP SERVER, that makes me think of the Windows Server role, DHCP. Or are you referring to the Cisco router as being the server?
            Last edited by Kobe 310; 18th April 2017, 14:31.

            • #7
              As long as you have something which controls DHCP on your network, it doesn't really matter whether it's a role on a Windows server or an available function turned on in a piece of networking kit (like an ASA). Since that's the first thing a client needs, that should work, always. And DHCP leases can contain a lot of different information if needed, but the most basic is A) the client IP address being offered, and B) the DNS address(es). You described the DNS server IP being given by some DHCP service but you still need to use a host file entry. That tells us your DNS info isn't working, or at least isn't contactable by the clients.

              What happens when you ping the DNS IP from a client computer? Not the DNS server name, but the IP itself? If it doesn't answer that, you have deeper issues. If the DNS server is up, and the services are all running and Active Directory is working OK where the servers are but not for the clients, your existing site-to-site config needs work. Best practice, as has been mentioned before, is to have DNS served at each site (maybe with DHCP and a DC?), just for situations like this.

              You'd mentioned before about the kit at each end of your site-to-site: your traffic rules should allow port 53 UDP and TCP to ensure your server-side DNS is contactable from your clients. If the DNS server ping test I described works but pings to names don't unless you have a hosts entry, then your tunnel is almost certainly the problem.
              *RicklesP*
              MSCA (2003/XP), Security+, CCNA

              ** Remember: credit where credit is due, and reputation points as appropriate **
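
The check described in post #7, as an added example that is not part of the thread: it sends one A-record query straight to the DNS server over 53/udp and 53/tcp, so a hosts-file entry on the client cannot mask the result. The server IP and hostname in the last lines are placeholders, and `ask`, `verdict` and `TXID` are names chosen for this sketch.

```python
import socket
import struct

TXID = 0x1D53  # constructed query ID, echoed back by the server

def build_query(name):
    """Encode a recursive A-record query for name (RFC 1035 wire format)."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!6H", TXID, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def parse_reply(data):
    """Return (rcode, answer_count), or None if data is not a reply to our query."""
    if len(data) < 12:
        return None
    rid, flags, _, ancount = struct.unpack("!4H", data[:8])
    if rid != TXID or not flags & 0x8000:  # wrong ID, or QR bit not set
        return None
    return flags & 0x000F, ancount

def ask(server, name, tcp=False, timeout=3.0):
    """Query server:53 directly, bypassing the hosts file and the OS resolver."""
    query = build_query(name)
    try:
        if tcp:
            with socket.create_connection((server, 53), timeout=timeout) as s, \
                    s.makefile("rb") as f:
                s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
                data = f.read(struct.unpack("!H", f.read(2))[0])
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                data = s.recv(4096)
    except (OSError, struct.error):  # timeout, refused, unreachable, short read
        return None
    return parse_reply(data)

def verdict(udp, tcp):
    """Map the two probe results onto the conclusions drawn in post #7."""
    if udp is None and tcp is None:
        return "no DNS reply on 53/udp or 53/tcp: check tunnel and firewall rules"
    if udp is None or tcp is None:
        return "only 53/%s answers: allow both UDP and TCP" % ("tcp" if udp is None else "udp")
    rcode, answers = udp
    if rcode == 0 and answers:
        return "server resolves the name: look at the client's DNS settings"
    return "server reachable but returned rcode %d with %d answers" % (rcode, answers)

if __name__ == "__main__":
    server, host = "192.0.2.10", "faxserver.example.internal"  # placeholders
    print(verdict(ask(server, host), ask(server, host, tcp=True)))
```

An rcode of 3 (NXDOMAIN) with both transports answering means the tunnel passes DNS and the server simply has no record for the name exactly as it was queried.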

              • #8
                Had my first grandson yesterday, wasn't able to read the post till this morning. Thanks for the explanation!!! I've always meant to ask that question, but keep forgetting. I can ping the IP address...... OK, thanks for the info!!! I'll check the ports and do some more troubleshooting.
                Last edited by Kobe 310; 20th April 2017, 18:28.

                • #9
                  Originally posted by Kobe 310
                  Had my first grandson yesterday.
                  Many congratulations. It's a great feeling, isn't it?

                  • #10
                    Thanks!!! It is!!!
