wireless client DNS issue with AP through site-to-site vpn tunnel.

MikeDup
Here to help

Two SSIDs configured, Guest and Private. Private wifi is bridged to use the IP scope of the local LAN, which is tunneled through the site-to-site VPN. Guest wifi is assigned an IP address from the Access Point and just goes directly to the internet. Guest wifi resolves DNS as it should, but private wifi will not resolve DNS for local resources through the tunnel.

Here is the strange part: this AP is plugged into a switch along with multiple workstations, both PCs and laptops. DNS works fine on the local LAN through the VPN tunnel for wired clients, just not wireless clients. Same IP scope. Anyone seen this situation before? Thanks

KarstenI
Kind of a big deal

- Do the WLAN clients receive the right DNS-server?

- Is it only DNS and the rest is working as expected?

If nothing works, did you perhaps forget to allow the WLAN clients access to the local LAN under Wireless -> Firewall?

Hello KarstenI,

Thank you for the quick reply. Yes, it seems the WAN clients are receiving the right DNS server and DNS is the only thing not working. I can access local resources through the VPN tunnel using IP addresses. DNS was working previously, but then stopped recently. Also, I want to add that my DNS runs through Cisco Umbrella. Thanks

KarstenI
Kind of a big deal

Did you change your Umbrella-Setup recently? And who sends the DNS-requests to Umbrella? The client, the MX, a VA?

I would first look at the Umbrella dashboard and/or the MX-Umbrella config to check whether your domain names (the domains that should be processed by your internal DNS) are configured correctly.

The wireless clients send the DNS requests to Umbrella, as do the wired clients. Wired works fine, wireless does not, and both are assigned IP addresses in the same subnet. As far as I know, the Umbrella configuration has not changed, but I am not the only person who can manage it, so I will have to check. Thanks

KarstenI
Kind of a big deal

Does that mean you are using the roaming client or the AnyConnect roaming module on the PCs? Are the wireless and wired clients using the same policy and domain config?

Also, go to Activity Search in the Umbrella Dashboard and search for your internal domain name. If it shows up, the domain management is configured incorrectly.
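The checks in this thread (does the client get the right resolver, does the internal name resolve at the internal DNS server over the tunnel, is the internal domain leaking to the public resolver) can be scripted from a wireless client so that the wired and wireless results can be compared side by side. The following is an added example and not code from either poster or from Meraki/Umbrella; it is a minimal UDP DNS client with a fault classifier. The resolver addresses, the hostname `fileserver.corp.example` and the IP `10.20.30.40` are constructed placeholders; substitute the tunnel-side DNS server and the resolver the client actually received from DHCP.

```python
import socket
import struct

# Constructed placeholders: replace with the real internal DNS server reached over
# the VPN tunnel and the resolver handed to the client by DHCP.
INTERNAL_DNS = "10.0.0.10"
CLIENT_RESOLVER = "208.67.222.222"
INTERNAL_NAME = "fileserver.corp.example"


def encode_name(name):
    """Encode a dotted hostname in DNS wire format (length-prefixed labels)."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(name, qid=0x1234):
    """Build a standard recursive A query for `name`."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_name(name) + struct.pack(">HH", 1, 1)  # type A, class IN


def _read_name(msg, off):
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer
            ptr = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg):
    """Return the RCODE and any A-record answers from a DNS response."""
    qid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"rcode": flags & 0xF, "answers": answers}


def query(resolver, name, timeout=2.0):
    """Send one A query over UDP; rcode None means no reply (timeout)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(build_query(name), (resolver, 53))
        data, _ = s.recvfrom(512)
    except socket.timeout:
        return {"rcode": None, "answers": []}
    finally:
        s.close()
    return parse_response(data)


def classify(internal, client):
    """Map the two lookups onto the fault cases discussed in the thread."""
    if internal["rcode"] is None:
        return "no path to internal DNS over tunnel (check WLAN firewall / VPN)"
    if internal["answers"] and client["rcode"] == 3:
        return "internal domain sent to public resolver (domain management misconfigured)"
    if internal["answers"] and client["answers"]:
        return "internal name resolves on both resolvers"
    return "internal DNS itself does not answer the name"


def build_response(name, ip=None, rcode=0, qid=0x1234):
    """Construct a sample response (for offline testing of the parser)."""
    header = struct.pack(">HHHHHH", qid, 0x8180 | rcode, 1, 1 if ip else 0, 0, 0)
    msg = header + encode_name(name) + struct.pack(">HH", 1, 1)
    if ip:  # answer name as pointer to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return msg


if __name__ == "__main__":
    internal = query(INTERNAL_DNS, INTERNAL_NAME)
    client = query(CLIENT_RESOLVER, INTERNAL_NAME)
    print("internal:", internal, "client resolver:", client)
    print(classify(internal, client))
```

Run it once from a wired host and once from a wireless host on the same subnet; if the wireless run reports the internal domain going to the public resolver while the wired run resolves on both, the difference is in which resolver or policy the wireless clients receive, which is exactly what the Activity Search check above surfaces from the Umbrella side.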

Thanks for the help, but I seem to have figured it out. It seems the problem was a configuration issue with my Umbrella servers. All troubleshooting seemed to point there, so that is where I concentrated my efforts. Thanks again!
