cancel
Showing results for 
Search instead for 
Did you mean: 

VPN possible DNS issues?

Highlighted
Getting noticed

VPN possible DNS issues?

Hi all,

We have an MX64 connected to our Core Switch that administers our VPN and acts as our gateway with modems attached to it. So we have VPN on a certain subnet, and the nameservers are specificed as our Domain Controllers.

We have the domain on a different subnet, and that seems to be working fine with our DNS servers. 

 

When I VPN in from home, the connection is established fine. But when I go to use Remote Desktop to log onto my work computer, I can't type in its name or its ip address. I can't hit anything with Remote Desktop by name; I can only remote into the Domain Controllers via their IP addresses, which are specified as the nameservers in the Meraki dashboard.

 

Got any hints for me? I'm all ears!

 

Thanks peeps!

Tags (2)
10 REPLIES 10
Here to help

Re: VPN possible DNS issues?

At the home computer, when you type ipconfig /all does the MX come up as the DNS server or does your DNS server on the other side of the VPN come up? if you manually type in the DNS server in the DNS section of your network adapter's IP properties are you able to resolve hostnames? 

Getting noticed

Re: VPN possible DNS issues?

I will certainly check that tonight. I have specified the DNS servers in my VPN connection, but not in my main connection.

 

Strangely, I have two long-time users without any special settings that use VPN just fine. One is an off-site domain computer that is almost always connected via Remote Desktop to a computer on-site.

Another is a regular remote user. I haven't seen anything of note in their settings.

 

What do you think of split-tunneling? Someone mentioned that to me as a possible solution.

https://documentation.meraki.com/MX-Z/Client_VPN/Configuring_Split-tunnel_Client_VPN

Here to help

Re: VPN possible DNS issues?

I'm looking through my Meraki dashboard, where did you specify what DNS servers to use for your VPN connections? Is this regarding "Client VPN" or "Site to Site", sounds like Client but I want to make sure? 

Getting noticed

Re: VPN possible DNS issues?

Yep, Client VPN.

Kind of a big deal

Re: VPN possible DNS issues?

Are you tunneling all traffic or doing split-tunnel? Do you have the correct domain suffix(s) applied to the VPN connection so you can use unqualified names? 

MRCUR | CMNO #12
Getting noticed

Re: VPN possible DNS issues?

Hmmm, I'm not sure about the domain suffixes part. How would I check that?

By default I was tunneling all traffic, but last night I enable split tunneling and still no change.

Kind of a big deal

Re: VPN possible DNS issues?

Does the MX64 route a route to your AD controllers?

Getting noticed

Re: VPN possible DNS issues?

Yes, one of the nameservers is also the AD controller.

Kind of a big deal

Re: VPN possible DNS issues?

@CharlesIsWorkin You can use PowerShell to get or set the VPN domain suffix. See here: https://docs.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnection?view=win10-ps

 

Regarding @PhilipDAth's question - you're using a DC as a DNS server for client VPN, but does the MX have a route to the DC (can the MX ping the DC)? 

MRCUR | CMNO #12
Getting noticed

Re: VPN possible DNS issues?

Ok, so if I am right, this is how I would test that.

I log into the dashboard, go to Security Appliance > Status>Tools>Ping.

Then plug in those IP addresses, right? They both pinged fine with 1ms latency.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Points Contest
Join us for a month-long contest with heaps of swag to win!

Learn More ›