Meraki

Community

wireless client DNS issue with AP through site-to-site vpn tunnel.

MikeDup
Here to help
‎Sep 21 2020 11:58 AM
‎Sep 21 2020 11:58 AM

wireless client DNS issue with AP through site-to-site vpn tunnel.

Two SSID's configured, Guest and Private.  Private wifi is bridged to use ip scope of local LAN which is tunneled through site-to-site vpn. Guest wifi is assigned an ip address from the Access Point and just goes directly the the internet.  Guest wifi resolves DNS as it should, but private wifi will not resolve DNS for local resources through the tunnel.  

Here is the strange part:  This AP is plugged into a switch along with multiple workstations, both pc's and laptops.  DNS works fine on the local LAN through the vpn tunnel for wired clients, just not wireless clients......Same IP scope......  Anyone see this situation before?  Thanks

0 Kudos
7 Replies 7
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 21 2020 2:11 PM
‎Sep 21 2020 2:11 PM

- Do the WLAN clients receive the right DNS-server?

- Is it only DNS and the rest is working as expected?

If nothing works, Did you perhaps forgot to allow the WLAN clients access to local LAN under Wireless -> Firewall?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
MikeDup
Here to help
‎Sep 22 2020 5:20 AM
‎Sep 22 2020 5:20 AM

Hello Karstenl,

 

Thank your for the quick reply.  Yes, it seems the WAN clients are receiveing the right DNS server and DNS is the only thing not working.  I can access local resources through the vpn tunnel using ip addresses.  DNS was working previously, but then stopped recently.  Also, I want to add that my DNS runs through Cisco Umbrella.  Thanks

 

0 Kudos
In response to MikeDup
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 22 2020 5:27 AM
‎Sep 22 2020 5:27 AM

Did you change your Umbrella-Setup recently? And who sends the DNS-requests to Umbrella? The client, the MX, a VA?

I would first look at the Umbrella dashboard and/or the MX-Umbrella-config if your domain names (the domains that should be processed by your DNS) are configured correctly. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
MikeDup
Here to help
‎Sep 22 2020 5:34 AM
‎Sep 22 2020 5:34 AM

the wireless client sends the DNS requests to Umbrella as well as the wired clients.  Wired works fine, wireless does not, both are assigned ip addresses in the same subnet.  As far as I know, the Umbrella configuration has not changed, but I am not the only person who can manage it, so I will have to check.  Thanks

0 Kudos
In response to MikeDup
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 22 2020 5:40 AM
‎Sep 22 2020 5:40 AM

Does that mean you are using the roaming-client or the AnyConnect roaming module on the PCs? Are the wireless and wired clients using the same policy and Domain-config?

 

Also, go to Activity search in the Umbrella Dashboard and search for your internal Domain name. If it shows up, the domain-management is configured incorrectly.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
MikeDup
Here to help
‎Sep 23 2020 12:49 PM
‎Sep 23 2020 12:49 PM

Thanks for the help, but I seem to have figured it out, it seems the problem was a configuration issue with my Umbrella servers.  All troubleshooting issues seemed to point there, so that is where I concentrated my efforts.  Thanks again!

0 Kudos
In response to MikeDup
pioanidis
New here
‎Oct 23 2024 6:54 AM
‎Oct 23 2024 6:54 AM

Were you ever able to identify the cause and/or resolution to this. We are experiencing very very similar issues with very similar setups 

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.