Another IPsec question!

[Stingreen]

Ok here is the deal, I've setup IPsec for each server and they're running ok except one small problem.
If one of the workstations want to access the server via network,
he/she has to access it like .. \\servers_ip_address rather than \\hostname_of_server
Meanwhile pinging the hostname of the server turns "unknown host" .
Ports 139 and 135 are already permitted to the network but clients should access them by double clicking onto servers "hostname" in order them to recognise what server they're accessing into.
What else should I do/allow/permit ?
PS : ICMP packages are permitted also, so pinging by "ip address" always replies back.
Thanks in advance.

 

[RiezalR]

Not that familiar with IPSec myself. But to me this looks more like a DNS type of problem. It is unable to search for the hostname_of_server because there is no corresponding IP address to it. You have to define a hostname and assign an IP to it. Not sure how you configure it on your system, but an example on a Linux system would be to edit the /etc/hosts file. It's where you define a hostname and the IP address assigned to it. This would be used as a reference when the hostname is called upon. I'm no IPSec expert, but i hope that gives you a rough idea.

 

[Stingreen]

cod3x,
I found a similar file in my windows workstation. And the description goes just like you said. "Add the proper IP address corresponding to it's hostname"
If I add all the hostnames and IP addresses to this file one by one, I guess I'll solve the problem. not sure though, give it a try right now.
Thanks.

 

[RiezalR]

Just logged on with my Linux box. Thought i'd just show you an example of what I was talking about. This is an example of how a /etc/hosts file in Linux would look like. Your system should have an option similiar to this.

[root@localhost DoS]# cat /etc/hosts
127.0.0.1 localhost.localdomain
192.168.1.3 WinXP.c0dex.org


[root@localhost DoS]# ping WinXP.c0dex.org

PING WinXP.c0dex.org (192.168.1.3) from 192.168.1.2 : 56(84) bytes of data.
64 bytes from WinXP.c0dex.org (192.168.1.3): icmp_seq=1 ttl=128 time=0.203 ms
--- WinXP.c0dex.org ping statistics ---
1 packets transmitted, 1 received, 0% loss, time 1003ms

This is how its configured on my network.

 

[Stingreen]

Yup,
hosts file did the trick, solved the problem!
Working like a charm, thanks a lot.
sting.

 

[JeffHicks]

Just a thought, but it should not be too hard to setup a DNS server on your network. That would eliminate the need to manually configure clients with the hosts files and would allow you to dynamically change the IP addresses of your hosts as needed. Just a thought...

 

[Stingreen]

Jeff,
That's where I had the problem. I already have a DNS server in the network. Before setting up the IPsec on the server I was able to ping it like "ping hostname_of_server". This was fine, but after setting the ipsec up in the server, ping request turned "unknown hosts". Somehow, server could not be able communicate with DNS therefore clients would never reach it even though DNS ports are already permitted in the ipsec rules.
Thanks!