Re: DNS question with VPN
- From: "Igor Mamuzic" <no@xxxxxxx>
- Date: Tue, 30 Aug 2005 01:51:43 +0200
I had a similar problem to yours and solved it. The problem was that
packets destined for your VPN client's address space (in your case from the IP
pool 'ippool') were getting NATed when they shouldn't be, so exclude all packets
destined for the 'ippool' range from NAT.
The only problem that I see in your situation is that you have DNS servers
translated with static NAT entries... IOS routers (12.3 or later, I think)
use something called ALG (application layer gateway) and translate the DNS
payload of packets (queries and responses), since this can be useful in a NAT
overlap config. This is enabled by default and I don't know how to get rid
of it. So, I simply got a new DNS server which I placed in my DMZ, and this
one resolves my public (Internet) DNS zone...
But try modifying the NAT config as I explained at the beginning of my post,
and if it doesn't work, temporarily clear the static NAT config, if possible, to see
if this caused your problem...
Let me know the results...
B.R.
Igor
<random.nick@xxxxxxxxx> wrote in message
news:1125289090.173132.236610@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> On a 1721 router I have the following issue:
>
> After establishing VPN connection (with an XP, using Cisco VPN client
> v.4.0) some of the host names on the network (single domain,
> AD-Integrated DNS zones, 2 DNS servers) return the LAN IP address
> (192.168.x.x), while some of them - on the same LAN - return an
> external IP address (67.x.x.x).
>
> From an XP, connected with VPN to remote LAN:
> ping server1
> 192.168.180.xxx
>
> ping server2
> 67.x.x.x
>
>
> The VPN setup looks like this:
>
> !
> crypto isakmp client configuration group access
> key Password_Here
> dns 192.168.180.14
> wins 192.168.180.14
> domain mydomain.com
> pool ippool
> acl 100
> !
>
>
> Hosts listed below in the router config will respond with 67.x.x.x IP,
> while hosts not listed here respond with 192.168.180.x IP address.
>
> !
> ip nat inside source route-map NAT interface Ethernet0 overload
> ip nat inside source static 192.168.180.9 67.x.x.3 extendable
> ip nat inside source static 192.168.180.16 67.x.x.4 extendable
> ip nat inside source static 192.168.180.12 67.x.x.5 extendable
> ip nat inside source static 192.168.180.11 67.x.x.7 extendable
> ip nat inside source static 192.168.180.106 67.x.x.8 extendable
> ip nat inside source static 192.168.180.29 67.x.x.9 extendable
> !
> ...
>
>
> I believe this started to happen after deploying a second DNS server,
> previously all hosts responded with the 192.168.180.x IP addresses.
>
>
> Thank you for any help.
>
> Regards,
> Nick
>
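As an added illustration of Igor's first suggestion (this is not part of either post and not Nick's actual config): keep LAN-to-VPN-pool traffic out of the overload NAT by putting a deny entry for the pool range ahead of the permit in the ACL that route-map NAT matches. The pool range 192.168.181.0/24 and the ACL name NAT-TRAFFIC are assumptions chosen for the example.

```cisco
! Assumed (placeholder) VPN client pool handed out by 'pool ippool'
ip local pool ippool 192.168.181.1 192.168.181.50
!
! Before: everything from the LAN is a NAT candidate, so replies to
! VPN clients in 192.168.181.0/24 get translated as well.
!   ip access-list extended NAT-TRAFFIC
!    permit ip 192.168.180.0 0.0.0.255 any
!
! After: exclude traffic destined for the VPN pool first, then permit the rest.
ip access-list extended NAT-TRAFFIC
 deny   ip 192.168.180.0 0.0.0.255 192.168.181.0 0.0.0.255
 permit ip 192.168.180.0 0.0.0.255 any
!
route-map NAT permit 10
 match ip address NAT-TRAFFIC
!
! Unchanged from the original post: overload NAT driven by the route-map.
ip nat inside source route-map NAT interface Ethernet0 overload
!
! Check: after a VPN client pings a LAN host, no translation entry should
! appear for a 192.168.181.x destination.
!   show ip nat translations
```

Note that the `ip nat inside source static ...` entries in the original config are not governed by the route-map and will still translate, which is why the static NAT entries for the DNS servers are the separate issue Igor points to.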