Announcement

Collapse
No announcement yet.

Cisco VPN client DNS problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco VPN client DNS problem

    Hello forum,

    I have a strange problem when I connect via Cisco VPN client to my work from home. The client dosn't work with the company's DNS servers.
    I'm working via ADSL connection.
    When I run nslookup command while I'm connecting via VPN I get the the Default server is 10.0.0.138. It is an address of my ADSL router. I don't see the company's DNS servers.
    I have found a workaround to put the company's DNS server to a local area connection manually. But it is not the solution.

    My PIX is configured as following:
    vpngroup VPN0 address-pool vpn-pool
    vpngroup VPN0 dns-server 172.16.10.28 172.16.10.33
    vpngroup VPN0 default-domain mycompany.com
    vpngroup VPN0 split-tunnel split-list
    vpngroup VPN0 idle-time 1800
    vpngroup VPN0 user-idle-timeout 20
    vpngroup VPN0 device-pass-through
    vpngroup VPN0 password ********

    Please see below the output of ipconfig /all command from my pc:
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : ltapotp
    Primary Dns Suffix . . . . . . . : mycompany.com
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mycompany.com

    Ethernet adapter Local Area Connection 3:
    Connection-specific DNS Suffix . : home-network
    Description . . . . . . . . . . . : Linksys EtherFast 10/100 USB Network Adapter
    Physical Address. . . . . . . . . : 00-04-5A-97-47-0A
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 10.0.0.1
    Subnet Mask . . . . . . . . . . . : 255.0.0.0
    Default Gateway . . . . . . . . . : 10.0.0.138
    DHCP Server . . . . . . . . . . . : 10.0.0.138
    DNS Servers . . . . . . . . . . . : 10.0.0.138
    Lease Obtained. . . . . . . . . . : Saturday, August 16, 2008 12:49:44 PM
    Lease Expires . . . . . . . . . . : Saturday, August 16, 2008 2:49:44 PM

    Ethernet adapter Local Area Connection 2:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Cisco Systems VPN Adapter
    Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 172.16.100.45
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 172.16.10.28
    172.16.10.33

    Thanks in advance,
    --
    Gennady

  • #2
    Re: Cisco VPN client DNS problem

    It seems to me that everything is working as expected. Your default server is going to be the server registered to the physical adapter, not the virtual adapter. Look at the ipconfig/all output again and you'll see that the VPN adapter does have your internal DNS servers listed. Those are the ones that wil be used to resolve DNS queries for the network that the VPN adapter connects to (your work network). All external (internet) queries will use the DNS servers listed on the physical adapter. The only reason that DNS queries for the VPN network would fail is if your home network and work network used the same ip subnet, which they don't. Have you tried resolving internal DNS records while connected to the VPN? Try pinging an internal server while you're connected and post the results back here.

    Comment


    • #3
      Re: Cisco VPN client DNS problem

      Thank you for your quickly reply.
      Inside my company network I'm able to ping by IP address however there is no name resolution.
      I can't connect to my Excnage server for instance.

      Thanks,
      --
      Gennady

      Comment


      • #4
        Re: Cisco VPN client DNS problem

        Gennady70 - have you been able to get this issue resolved? I encountered this same issue recently with one of our remote users. While connected to VPN and trying to ping an internal server, DNS resolves to an external address.
        Therefore, the end user's Outlook client cannot connect to the Exchange server.

        This is one of those cases where it was working one day and stopped working the next. All the IP configurations are the same and haven't changed.

        Comment


        • #5
          Re: Cisco VPN client DNS problem

          Exact same problem here, so anxiously awaiting an update.

          -Brian

          Comment


          • #6
            Re: Cisco VPN client DNS problem

            Ditto!
            Same issue here
            very annoying!!!

            Comment


            • #7
              Re: Cisco VPN client DNS problem

              the same problem, but solved: try add to hosts file (windows-system32-drivers-etc) ip addres and full exchange server name, like: 10.0.0.2 exchangename.domainname.com,

              Comment


              • #8
                Re: Cisco VPN client DNS problem

                Originally posted by Alexman View Post
                the same problem, but solved: try add to hosts file (windows-system32-drivers-etc) ip addres and full exchange server name, like: 10.0.0.2 exchangename.domainname.com,
                Yes I found this "work around" to work but I'd still like to fix the problem.

                host file editing can be a nightmare when IP's change.

                Comment


                • #9
                  Re: Cisco VPN client DNS problem

                  If you have Exchange then you should have WINS still. Try setting that server in the PIX

                  Code:
                  vpngroup VPN0 wins-server 172.16.10.28 172.16.10.33
                  I think that is the right command

                  EDIT: obviously make sure Exchange is registered in it, DCs as well.
                  cheers
                  Andy

                  Please read this before you post:


                  Quis custodiet ipsos custodes?

                  Comment


                  • #10
                    Re: Cisco VPN client DNS problem

                    Hi, I was *sort of* able to fix this issue. I am not sure what caused it, but I was able to work around it.

                    First off, I'll say that I run MacOSX 10.5, and originally I had VMWare Fusion installed. Cisco does not support VPN Client if you have VMWare installed.

                    This problem just sort of appeared one day - it may have coincided with adding split-dns, however I am not able to confirm this.

                    Nevertheless, it seems that somewhere in the files that the VPN client keeps, it got a particular DNS server "stuck". No matter where I connected from, I would always use that particular DNS server IP, even if it wasn't on my local nor corprate networks.

                    The simple (yet annoying solution) is to uninstall the VPN client and MAKE SURE you check the options to delete ALL files (profiles, etc), and then reinstall it. Works fine now. If this happens again, maybe I'll try to track down the particular file that causes the issue, but I can't do it now.

                    Comment


                    • #11
                      Re: Cisco VPN client DNS problem

                      Thanks very much for the post, highly appreciated.
                      cheers
                      Andy

                      Please read this before you post:


                      Quis custodiet ipsos custodes?

                      Comment

                      Working...
                      X