We have an MX64 connected to our Core Switch that administers our VPN and acts as our gateway with modems attached to it. So we have VPN on a certain subnet, and the nameservers are specified as our Domain Controllers.
We have the domain on a different subnet, and that seems to be working fine with our DNS servers.
When I VPN in from home, the connection is established fine. But when I go to use Remote Desktop to log onto my work computer, I can't type in its name or its IP address. I can't hit anything with Remote Desktop by name; I can only remote into the Domain Controllers via their IP addresses, which are specified as the nameservers in the Meraki dashboard.
Got any hints for me? I'm all ears!
At the home computer, when you type ipconfig /all, does the MX come up as the DNS server, or does your DNS server on the other side of the VPN come up? If you manually type in the DNS server in the DNS section of your network adapter's IP properties, are you able to resolve hostnames?
I will certainly check that tonight. I have specified the DNS servers in my VPN connection, but not in my main connection.
Strangely, I have two long-time users without any special settings that use VPN just fine. One is an off-site domain computer that is almost always connected via Remote Desktop to a computer on-site.
Another is a regular remote user. I haven't seen anything of note in their settings.
What do you think of split-tunneling? Someone mentioned that to me as a possible solution.
I'm looking through my Meraki dashboard; where did you specify what DNS servers to use for your VPN connections? Is this regarding "Client VPN" or "Site to Site"? It sounds like Client, but I want to make sure.
Are you tunneling all traffic or doing split-tunnel? Do you have the correct domain suffix(s) applied to the VPN connection so you can use unqualified names?
Hmmm, I'm not sure about the domain suffixes part. How would I check that?
By default I was tunneling all traffic, but last night I enabled split tunneling and still no change.
@CharlesIsWorkin You can use PowerShell to get or set the VPN domain suffix. See here: https://docs.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnection?view=win10-ps
Regarding @PhilipDAth's question - you're using a DC as a DNS server for client VPN, but does the MX have a route to the DC (can the MX ping the DC)?
Ok, so if I am right, this is how I would test that.
I log into the dashboard, go to Security Appliance > Status > Tools > Ping.
Then plug in those IP addresses, right? They both pinged fine with 1ms latency.
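The client-side checks suggested earlier in the thread (the VPN connection's DNS suffix, which DNS servers the client is using, and name resolution against the Domain Controller), put together as an added example that is not part of any post. The connection name, domain suffix, DC address and computer name are hypothetical placeholders.

```powershell
# Hypothetical values: replace with your own before running.
$VpnName   = 'Work VPN'           # name of the Windows VPN connection
$Suffix    = 'corp.example.com'   # AD DNS domain (placeholder)
$DnsServer = '192.0.2.10'         # a Domain Controller listed as nameserver (placeholder)
$Target    = 'WORKPC01'           # unqualified name of the work computer (placeholder)

# 1. Show the connection's current settings, including split tunneling and DNS suffix.
#    Add -AllUserConnection if the VPN was created for all users.
$vpn = Get-VpnConnection -Name $VpnName -ErrorAction Stop
$vpn | Format-List Name, ServerAddress, ConnectionStatus, SplitTunneling, DnsSuffix

# 2. Set the connection-specific DNS suffix if it is missing or different,
#    so unqualified names like WORKPC01 get the domain appended.
if ($vpn.DnsSuffix -ne $Suffix) {
    Set-VpnConnection -Name $VpnName -DnsSuffix $Suffix -PassThru |
        Format-List Name, DnsSuffix
}

# 3. With the VPN connected, list the DNS servers on every interface.
#    The VPN interface should show the Domain Controllers, not the home router.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 4a. Ask the Domain Controller directly for the fully qualified name.
#     Failure here points at reachability of the DNS server over the tunnel.
$fqdn = Resolve-DnsName -Name "$Target.$Suffix" -Server $DnsServer -Type A -ErrorAction SilentlyContinue

# 4b. Resolve the short name through the normal resolver.
#     Failure here while 4a works points at the suffix or DNS server order.
$short = Resolve-DnsName -Name $Target -Type A -ErrorAction SilentlyContinue

[pscustomobject]@{
    'FQDN via DC'          = if ($fqdn)  { $fqdn.IPAddress  -join ', ' } else { 'FAILED' }
    'Short name via client' = if ($short) { $short.IPAddress -join ', ' } else { 'FAILED' }
} | Format-List

# 5. Check that Remote Desktop (TCP 3389) is reachable through the tunnel.
Test-NetConnection -ComputerName "$Target.$Suffix" -Port 3389
```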