DNS doesn't work through VPN Tunnel

[lewisrg78]

Running Active Directory; Secure Remote VPN Client. 2 days agao it was reported that VPN users could not browse the network via name. IP works fine, but cannot resolve names. Firewall seems ok (Checkpoint), DNS Servers are reporting no errors and work fine interally. ACE server is fine and reports no errors. Already restarted DNS server, ACE server, and Firewall, but still unable to browse through VPN. However, we can ping the DNS server by name it will respond, however its slow, very slow. Any member servers, including exchange are unable to be contact via NAME, only by IP Address. Any ideas?

Thanks.

 

[deeno]

I doubt that I can offer any helpful insight into this, but I have a couple things I’d try.

First, you say that you cannot browse the network via names. I guess that I'm a little unsure what you mean by this. Are you trying to browse through the network icon on the desktop, or are you trying to reach a host by its hostname?

If you’re trying to use the network icon on the desktop, then I believe (though I could be wrong) that the computer that is attempting to "browse the network" must be a member of the domain that it is attempting to browse. In other words, you’d have to join that computer to the domain. If the computer is not a member of the domain, I don’t know if this “browsing” capability would be possible.

However, it is possible to reach a host in another domain if you are not a member of that domain. You must use the FQDN, though (unless of course you have a WINS server or some LMHOSTS file running). For instance, if you have a domain called mycompany.local, with an exchange server named exchange1, rather than trying to connect to exchange1, you must try to connect using exchange1.mycompany.local. If you are not a member of the mycompany.local domain, you must use the full name (FQDN).

To try to relate this to something easier to understand, it could be explained that this is not working for the same reason that you can't go into a web browser and simply type

http://www into

the address bar and hope to make it to a specific website. You must tell it to reach "

http://www"

at "tek-tips.com" for lack of a better example.

If your remote computer is not resolving the FQDN of the remote server (exchange.mycompany.local in our example) to an IP address, then you must be sure that you point your client to a DNS that has records to resolve that address. To make sure the client computer is resolving the address properly, check the full address with nslookup. For instance, go into the command prompt and type nslookup exchange1.mycompany.local and make sure the results come back with that server’s IP address. If it does not, then you must point that client to a DNS server that can resolve that address.

You could also try other options, such as a WINS server or a LMHOSTS file, though I think you’d be better off sticking to DNS.

Let me know what you come up with, I’m interested to see if we can work this out.

deeno

 

[al5027]

I have very similar symptoms, namely tyring to get to an exchange server on a corporate LAN via an internet VPN. Unfortunately no cure yet but perhaps a bit more information:

The user pc is connected to the ISP with an IP address say of 64.32...

Once the VPN tunnel is set up to the corporate LAN which is say 140.185..., there are then 2 dns servers to lookup:

64.32.64.39 and
140.185.231.2

The problem is that when looking up the exchange server,it looks at the 64 address DNS and not the 140 address, either for some considerable time or not at all.

Any clues welcome

 

[fdisk911]

Possibly a NetBIOS filter on firewall or VPN client??