Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cannot ping by name with VPN Client

Status
Not open for further replies.
octavian10

octavian10

MIS
Joined
Apr 3, 2003
Messages
180
Location
US
Hello all, I have a problem that I am sure someone else must have come across. I have 2611 router that is acting as a vpn server. I am using Cisco VPN Client. The vpn seems to be working fine, I can connect, am issued ip address, dns, wins and domain name. I can ping by ip address, search for computers by ip address, and even map drives by ip address. What my problem is I cannot ping by name or FQDN and I dont know why, I have DNS and WINS on tne same box that is the Domain Controller and can ping this PC by ip address all day, so why wont name resollution work? The reserch I have done to this point seems to imply this is a Microsoft issue, and I will post this question in the Windows 2003 forum also. Any help from someone out there would be awsome. This is driving me nuts!

"I hear and I forget. I see and I remember. I do and I understand."
- Confucius (551 BC - 479)
 
Sort by date Sort by votes
Can you ping the WINS and DNS servers via your tunnel? If so, if you try and do an NSLOOKUP from DOS, does this work or fail? It could potentially an ACL problem assuming you may have defined an ACL to control who can talk to what over the tunnel.
 
Upvote 0 Downvote
KiscoKid, I CAN ping the WINS and DNS server through the tunnel. NSLOOKUP fails, but it "trys" to the correct DNS servers ip address. I had to put an extended ACL on the Crypto ISAKMP Client configuration Group. Here is my running-config, let me know what you think. I think this ACL may be the problem but modifing or removing it makes the whole tunnel quit working.
Hope you can help thanks.

Current configuration : 1657 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname vpnrouter
!
boot-start-marker
boot-end-marker
!
memory-size iomem 15
aaa new-model
!
aaa authentication login vpnauthenticate local
aaa authorization network remote local
aaa session-id common
ip subnet-zero
ip cef
!
ip domain name remote-systems.net
ip name-server 172.16.1.10
!
ip audit po max-events 100
!
username opandrea privilege 15 secret 5 $
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group remote
key remotekey
dns 172.16.1.10
wins 172.16.1.10
domain remote-systems.net
pool remote_pool
acl access
!
crypto ipsec transform-set easyclients esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set easyclients
!
crypto map static client authentication list vpnauthenticate
crypto map static isakmp authorization list remote
crypto map static client configuration address respond
crypto map static 999 ipsec-isakmp dynamic dynmap
!
interface Ethernet0/0
ip address 69.165.XX.XX 255.255.254.0
half-duplex
crypto map static
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
ip address 172.16.1.1 255.255.255.0
half-duplex
!
ip local pool remote_pool 192.1.1.1 192.1.1.50
no ip http server
no ip http secure-server
ip classless
!
ip access-list extended access
permit ip 0.0.0.0 0.0.0.255 any
!
line con 0
logging synchronous
line aux 0
exec-timeout 5 0
line vty 0 4
exec-timeout 5 0
!
end

"I hear and I forget. I see and I remember. I do and I understand."
- Confucius (551 BC - 479)
 
Upvote 0 Downvote
You should have in you VPN IOS script something like this

crypto isakmp client configuration group XXXXXX
key XXXXXX
wins 192.168.1.2
pool ippool

The actual WINS address depends up the IP address of your WINS server

Each Client Group should hava WINS address if there is a WINS serevr available on its pool subnet

Test the WINS server internally first

Hope this helps
 
Upvote 0 Downvote
TrafficCop, Im not sure what you mean, I have all of that info in my client configuration group. Also this is the first time I have had to use WINS so im not sure if it is working correctly. How can I test it internally. The WINS server is Win2K with XP Pro client.
Thanks


"I hear and I forget. I see and I remember. I do and I understand."
- Confucius (551 BC - 479)
 
Upvote 0 Downvote
Hello all, I think I have this figured out. It was a wins issue. I registered the remote pc with wins on the local lan and then tried it over the tunnel and it works. Sort of, I can now ping by name but browsing the netwok only worked once and not since. Im trying to fix this now any sugestions?

"I hear and I forget. I see and I remember. I do and I understand."
- Confucius (551 BC - 479)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
569
CPM86
CPM86
quazimotto
  • Locked
  • Question Question
Cisco ASA_5505 VPN to Juniper_SRX210 VPN IS UP_ No Traffic!!!!!!
Replies
0
Views
321
quazimotto
quazimotto
WinstonCH
  • Locked
  • Helpful tip Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
915
BIS
BIS
melhabba
  • Locked
  • Question Question
HOW to change display name
Replies
0
Views
313
melhabba
melhabba
inlsp05
  • Locked
  • Question Question
2811 ios start with cf
Replies
0
Views
346
inlsp05
inlsp05

Part and Inventory Search

Sponsor

Back
Top