DNS issue over a site-to-site VPN tunnel.

Discussion in 'Cisco' started by Knutts, Sep 15, 2006.

  1. Knutts

    Knutts Guest

    Hi,

    We have a problem with DNS requests over an IPsec site-to-site VPN using a
    Cisco 837 at either end. We can ping the DNS server's IP address at the
    remote end of the tunnel, but we cannot ping the server by name or join the
    domain, etc. We can browse the server by IP address without any issue.
    Configs are below.

    !This is the running config of the router: Remote Router
    !----------------------------------------------------------------------------
    !version 12.3
    ! Remote site: LAN 192.168.20.0/24 on Ethernet0, public 80.68.42.226 on Dialer1,
    ! tunnel peer 80.68.39.234 (the "Local Router" below). The DNS server the thread
    ! is about, 192.168.20.1, sits on this router's LAN.
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    ! Type 7 "encryption" produced by this command is a reversible encoding, not a
    ! hash; every "password 7" string in a shared listing should be treated as
    ! disclosed and rotated.
    service password-encryption
    !
    hostname Router
    !
    ! No local log buffer, and no syslog destination is visible in this listing,
    ! so there is nothing on-box to consult when troubleshooting the tunnel.
    no logging buffered
    ! Type 5 (MD5) secret: one-way, unlike the type 7 user passwords that follow.
    enable secret 5 $1$UeOB$18cSXwZSBc6vkttEgbFGP0
    !
    ! Ten privilege-15 (full admin) accounts, apparently generated by the 837's
    ! CRWS web tool, all with reversible type 7 passwords. The password strings
    ! are wrapped onto the next line by the forum paste, not by the config.
    username CRWS_dheeraj privilege 15 password 7
    03400A4F315E276D0A06480A24371B0D50727E7C796B637340
    username CRWS_Ritesh privilege 15 password 7
    100A585D3246142A480B7B24170D23347342504257530F0C080A
    username CRWS_Vijay privilege 15 password 7
    125D5453255A0A256E2475270010321256465654000E0D000D5C
    username CRWS_Shashi privilege 15 password 7
    06425E657B1F0F38411843043F213A2A7C7162657043564756
    username CRWS_Bijoy privilege 15 password 7
    09081F4D2E5411334F0355251801383264774051405254050909
    username CRWS_Gayatri privilege 15 password 7
    1453434F3B552C0A6027623A11361717525302080E010C5E57
    username CRWS_Sangeetha privilege 15 password 7
    1453434F3B552C0A6027623A113617175151070F080A0D5C5548
    username CRWS_Prem privilege 15 password 7
    0242551F3C570900084158163632020A5D5C7373767A62627741
    username CRWS_Jaidil privilege 15 password 7
    015757406C5A002E65431F062A2007135A5F567E7C7571626C7A
    username CRWS_Giri privilege 15 password 7
    114D484120430D2D40257A2B1B162523425040515205010B040D
    ! Account named after the hostname with no privilege level stated; probably
    ! tool-generated -- NOTE(review): confirm it is still needed, these accounts
    ! are what 'login local' on the vty lines accepts.
    username Router password 7 06211D7542495A2E554716
    no aaa new-model
    ip subnet-zero
    ! This router resolves names via the internal server on its own LAN.
    ip name-server 192.168.20.1
    ! DHCP exclusions are present but no 'ip dhcp pool' appears in this listing.
    ip dhcp excluded-address 192.168.20.1
    ip dhcp excluded-address 192.168.20.3
    !
    !
    ! CBAC inspection set 'myfw'; applied outbound on Dialer1 below, so return
    ! traffic for sessions started from inside is opened through inbound ACL 111
    ! dynamically. The generic 'udp' (15 s idle) and 'tcp' entries cover protocols
    ! not listed explicitly, which is what lets inside-initiated DNS replies back in.
    ip inspect name myfw cuseeme timeout 3600
    ip inspect name myfw ftp timeout 3600
    ip inspect name myfw rcmd timeout 3600
    ip inspect name myfw realaudio timeout 3600
    ip inspect name myfw smtp timeout 3600
    ip inspect name myfw tftp timeout 30
    ip inspect name myfw udp timeout 15
    ip inspect name myfw tcp timeout 3600
    ip inspect name myfw h323 timeout 3600
    ! Audit (signature) events only notify via log; no 'ip audit' rule is attached
    ! to an interface anywhere in this listing, so this is effectively inactive.
    ip audit notify log
    ip audit po max-events 100
    no ftp-server write-enable
    ! IKE phase 1: 3DES, pre-shared key, DH group 2; no 'hash' line, so the IOS
    ! default applies. All of these are legacy choices by today's standards; on a
    ! 12.3-era 837 the alternatives are limited.
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    ! The PSK was redacted by the poster ("xxxxxxxxx"); the leading '0' means it was
    ! entered in cleartext, so it is stored recoverably in the config.
    crypto isakmp key 0 xxxxxxxxx address 80.68.39.234
    !
    !
    ! Phase 2 transform: ESP with 3DES and HMAC-SHA-1 (default tunnel mode).
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    !
    ! Single crypto map entry; interesting traffic is ACL 100
    ! (192.168.20.0/24 <-> 192.168.50.0/24). Applied to Dialer1 below.
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to80.68.39.234
    set peer 80.68.39.234
    set transform-set ESP-3DES-SHA
    match address 100
    !
    !
    !
    !
    ! LAN interface, 192.168.20.254/24. The tool-generated description was wrapped
    ! onto two lines by the forum paste.
    interface Ethernet0
    description CRWS Generated text. Please do not delete
    this:192.168.20.254-255.255.255.0$ETH-LAN$
    ip address 192.168.20.254 255.255.255.0
    ! ACL 122 outbound toward the LAN only blocks telnet to inside hosts.
    ip access-group 122 out
    ip nat inside
    ! MSS clamp for the PPPoE path; the other site uses 1412 for the same purpose.
    ip tcp adjust-mss 1452
    hold-queue 100 out
    !
    ! ADSL physical interface; the PPPoE client on PVC 0/38 feeds dialer pool 1,
    ! which Dialer1 below draws from.
    interface ATM0
    no ip address
    atm vc-per-vp 64
    no atm ilmi-keepalive
    pvc 0/38
    pppoe-client dial-pool-number 1
    !
    dsl operating-mode auto
    !
    ! Switch ports of the 837: unconfigured, no IP addressing.
    interface FastEthernet1
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet2
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet3
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet4
    no ip address
    duplex auto
    speed auto
    !
    ! WAN (PPPoE) interface, public 80.68.42.226/28. Both the inbound ACL and the
    ! crypto map sit here.
    interface Dialer1
    ip address 80.68.42.226 255.255.255.240
    ! NOTE(review): on this IOS generation the inbound ACL may be evaluated a second
    ! time against the decrypted tunnel packets (confirm for 12.3 on the 837). If it
    ! is, ACL 111 has no entry permitting DNS queries to port 53 (only replies sourced
    ! from it) and none for the Windows domain-join ports (tcp 445/88/135/389), while
    ! it does permit icmp echo and tcp 139 -- which matches the symptoms described
    ! above (ping and browsing by IP work, name resolution and domain join fail).
    ip access-group 111 in
    ip mtu 1492
    ip nat outside
    ! CBAC applied outbound: inside-initiated sessions get return traffic admitted.
    ip inspect myfw out
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer remote-name redback
    dialer-group 1
    ! The CHAP hostname / PAP username values appear to have been removed by the
    ! poster; the type 7 password strings were left in and are recoverable.
    ppp authentication pap chap callin
    ppp chap hostname
    ppp chap password 7 040952535A20191B08
    ppp pap sent-username password 7
    124B5C42470A59512B
    crypto map SDM_CMAP_1
    !
    ! Static port forwards on the public address (lines wrapped by the forum paste):
    !   192.168.20.3 -> tcp/udp 47, tcp 3101, tcp/udp 1723
    !   192.168.20.1 (the DNS/domain server) -> 443, 3389, 1433 (tcp+udp), 50, 80, 110, 25
    ! RDP (3389) and SQL Server (1433) on the domain server are reachable from any
    ! Internet source because ACL 111 permits them 'any any'; consider restricting
    ! the source or reaching them over the VPN instead.
    ! NOTE(review): the "47" and "50" entries are TCP/UDP *ports*, not IP protocols
    ! 47 (GRE) and 50 (ESP); ESP is already permitted by 'access-list 111 permit esp',
    ! and whether GRE for the PPTP server reaches 192.168.20.3 depends on NAT's
    ! PPTP handling rather than these lines -- confirm before relying on them.
    ip nat inside source static udp 192.168.20.3 47 interface Dialer1 47
    ip nat inside source static tcp 192.168.20.3 47 interface Dialer1 47
    ip nat inside source static tcp 192.168.20.3 3101 interface Dialer1
    3101
    ip nat inside source static tcp 192.168.20.3 1723 interface Dialer1
    1723
    ip nat inside source static tcp 192.168.20.1 443 interface Dialer1 443
    ip nat inside source static tcp 192.168.20.1 3389 interface Dialer1
    3389
    ip nat inside source static udp 192.168.20.3 1723 interface Dialer1
    1723
    ip nat inside source static tcp 192.168.20.1 1433 interface Dialer1
    1433
    ip nat inside source static udp 192.168.20.1 1433 interface Dialer1
    1433
    ip nat inside source static tcp 192.168.20.1 50 interface Dialer1 50
    ip nat inside source static udp 192.168.20.1 50 interface Dialer1 50
    ip nat inside source static tcp 192.168.20.1 80 interface Dialer1 80
    ip nat inside source static tcp 192.168.20.1 110 interface Dialer1 110
    ip nat inside source static tcp 192.168.20.1 25 interface Dialer1 25
    ! PAT for everything else, gated by route-map SDM_RMAP_1 (ACL 102) so that
    ! LAN-to-LAN tunnel traffic is left untranslated.
    ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ! Cleartext HTTP management is enabled and HTTPS is not; no 'ip http access-class'
    ! appears in this listing. Port 80 on the public address is forwarded to
    ! 192.168.20.1 above, so exposure is mainly from the LAN side -- confirm.
    ip http server
    no ip http secure-server
    !
    ! ACL 100: crypto-map interesting traffic. The trailing 'log' keyword (wrapped
    ! by the forum paste) is unusual on a crypto ACL.
    access-list 100 remark SDM_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 192.168.20.0 0.0.0.255 192.168.50.0 0.0.0.255
    log
    ! ACL 102: NAT exemption -- 'deny' here means "do not translate" for tunnel
    ! traffic; everything else from the LAN is PATed.
    access-list 102 remark SDM_ACL Category=18
    access-list 102 remark IPSec Rule
    access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.50.0 0.0.0.255
    log
    access-list 102 permit ip 192.168.20.0 0.0.0.255 any
    ! ACL 111: inbound on Dialer1 (public side). Points worth raising:
    !   - tcp 23 (telnet) is permitted from any source, and 'line vty 0 4' below has
    !     no access-class: cleartext management is reachable from the Internet,
    !     guarded only by 'login local' and the type 7 accounts above.
    !   - tcp 3389 / tcp+udp 1433 / NetBIOS (139, netbios-ns, netbios-dgm) are open
    !     from any source and are forwarded to inside hosts by the static NATs.
    !   - DNS: only replies sourced from port 53 ('udp any eq domain any') are
    !     permitted; there is no entry for queries *to* port 53 (see the Dialer1
    !     note about decrypted tunnel traffic).
    !   - udp 10000 is not referenced anywhere else in this listing -- confirm its
    !     purpose before keeping it.
    !   - icmp echo is accepted from anywhere.
    access-list 111 permit tcp any any eq smtp
    access-list 111 permit tcp any any eq pop3
    access-list 111 permit tcp any any eq www
    access-list 111 permit udp any any eq 50
    access-list 111 permit tcp any any eq 50
    access-list 111 permit udp any any eq 1433
    access-list 111 permit tcp any any eq 1433
    access-list 111 permit udp any any eq 1723
    access-list 111 permit tcp any any eq 3389
    access-list 111 permit tcp any any eq 443
    access-list 111 permit tcp any any eq 1723
    access-list 111 permit tcp any any eq 3101
    access-list 111 permit tcp any any eq 47
    access-list 111 permit udp any any eq 47
    access-list 111 permit tcp any any eq telnet
    access-list 111 permit icmp any any administratively-prohibited
    access-list 111 permit icmp any any echo
    access-list 111 permit icmp any any echo-reply
    access-list 111 permit icmp any any packet-too-big
    access-list 111 permit icmp any any time-exceeded
    access-list 111 permit icmp any any traceroute
    access-list 111 permit icmp any any unreachable
    access-list 111 permit udp any eq bootps any eq bootpc
    access-list 111 permit udp any eq bootps any eq bootps
    access-list 111 permit udp any eq domain any
    ! IPsec itself: ESP and IKE from any peer (the map only accepts 80.68.39.234).
    access-list 111 permit esp any any
    access-list 111 permit udp any any eq isakmp
    access-list 111 permit udp any any eq 10000
    access-list 111 permit tcp any any eq 139
    access-list 111 permit udp any any eq netbios-ns
    access-list 111 permit udp any any eq netbios-dgm
    access-list 111 permit gre any any
    access-list 111 deny ip any any
    ! ACL 122: outbound toward the LAN; blocks telnet only.
    access-list 122 deny tcp any any eq telnet
    access-list 122 permit ip any any
    dialer-list 1 protocol ip permit
    ! Route-map used by the NAT overload statement; ACL 102 decides what is translated.
    route-map SDM_RMAP_1 permit 1
    match ip address 102
    !
    !
    ! 120-minute exec timeouts on console and vty are long for an Internet-facing
    ! router; consider shortening.
    line con 0
    exec-timeout 120 0
    no modem enable
    stopbits 1
    line aux 0
    ! vty: 'login local' uses the type 7 accounts above; no 'access-class' and no
    ! 'transport input' line are shown, so the platform default transport applies.
    ! Together with ACL 111's telnet permit this is reachable from the Internet;
    ! an access-class limiting sources to the two LANs would be the minimal fix.
    line vty 0 4
    exec-timeout 120 0
    login local
    length 0
    !
    scheduler max-task-time 5000
    !
    end

    !This is the running config of the router: Local Router
    !----------------------------------------------------------------------------
    !version 12.3
    ! Local site: LAN 192.168.50.0/24 on Ethernet0, public 80.68.39.234 on Dialer0,
    ! tunnel peer 80.68.42.226 (the "Remote Router" above).
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    ! Same caveat as the remote side: type 7 strings are reversible encoding.
    service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    ! Local log buffer at debugging level -- this is the side where tunnel/DNS
    ! debugging output can actually be reviewed.
    logging buffered 52000 debugging
    !
    ! Two admin accounts with type 5 (MD5) secrets, one-way hashed -- unlike the
    ! remote router's type 7 user passwords.
    username chris privilege 15 secret 5 $1$jpZi$tKjkGHLhqtyY.TnMR/1f91
    username robin privilege 15 secret 5 $1$O0tV$BiT9JZDMLXrGKmDl5DQap0
    no aaa new-model
    ip subnet-zero
    ! 10.10.10.x is not configured on any interface in this listing (ACLs 1 and 23
    ! reference it too); presumably left over from an earlier addressing scheme.
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 192.168.50.1 192.168.50.9
    ip dhcp excluded-address 192.168.50.254
    !
    ! DHCP for the local LAN. Clients are told to use this router (192.168.50.254)
    ! and the ISP server 80.68.34.6 for DNS; 'import all' additionally pulls options
    ! learned on the WAN link into the pool (presumably more ISP DNS servers).
    ip dhcp pool CLIENT
    import all
    network 192.168.50.0 255.255.255.0
    default-router 192.168.50.254
    dns-server 192.168.50.254 80.68.34.6
    lease 0 2
    !
    !
    ! Resolver order for the router itself (and for queries it proxies): the two ISP
    ! servers first, the internal server on the remote LAN last.
    ! NOTE(review): for internal names this ordering means a public server answers
    ! (typically with a negative response) before 192.168.20.1 is tried, and queries
    ! the router originates are by default sourced from the egress interface, i.e.
    ! Dialer0's public address, which does not match crypto ACL 100 and so is never
    ! tunneled -- confirm. Handing clients 192.168.20.1 directly via 'dns-server'
    ! (so queries are sourced from 192.168.50.0/24 and match the crypto ACL) is the
    ! usual way to make names from the remote domain resolve.
    ip name-server 80.68.34.6
    ip name-server 80.68.34.8
    ip name-server 192.168.20.1
    ip audit notify log
    ip audit po max-events 100
    ! SSH-related knob present, but nothing else about SSH (version, key) is visible
    ! in this listing; whether SSH is actually usable cannot be told from here.
    ip ssh break-string
    no ftp-server write-enable
    no scripting tcl init
    no scripting tcl encdir
    !
    !
    !
    !
    ! IKE phase 1 mirrors the remote side: 3DES, pre-shared key, DH group 2, default hash.
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    ! PSK redacted by the poster; no '0'/'6' keyword here, unlike the remote side.
    crypto isakmp key xxxxxxxxxx address 80.68.42.226
    !
    !
    ! 'ESP-3DES-SHA2' is only a name: it is esp-sha-hmac (SHA-1), byte-for-byte the
    ! same transform as ESP-3DES-SHA below. The name is misleading for anyone
    ! auditing the crypto later.
    crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    !
    ! SDM_CMAP_1 is dead config: the '! Incomplete' line is what IOS prints for an
    ! entry it cannot use, it matches ACL 103 which is not defined in this listing,
    ! and the map is not applied to any interface (Dialer0 uses SDM_CMAP_2).
    ! Safe to remove once that is confirmed.
    crypto map SDM_CMAP_1 2 ipsec-isakmp
    ! Incomplete
    description Tunnel to80.68.42.226
    set peer 80.68.42.226
    set transform-set ESP-3DES-SHA2
    match address 103
    !
    ! Live map: peer 80.68.42.226, interesting traffic ACL 100 (the mirror image of
    ! the remote side's ACL 100). Applied to Dialer0 below.
    crypto map SDM_CMAP_2 1 ipsec-isakmp
    description Tunnel to80.68.42.226
    set peer 80.68.42.226
    set transform-set ESP-3DES-SHA
    match address 100
    !
    !
    !
    !
    ! LAN interface, 192.168.50.254/24. No access-group on this side's LAN.
    interface Ethernet0
    description $ETH-LAN$
    ip address 192.168.50.254 255.255.255.0
    ip nat inside
    ! MSS clamp 1412 (remote uses 1452); consistent with the 1452 'ip mtu' on Dialer0.
    ip tcp adjust-mss 1412
    hold-queue 100 out
    !
    ! ADSL physical interface; the PPPoE client lives on the point-to-point
    ! subinterface and feeds dialer pool 1 (Dialer0 below).
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    pvc 0/38
    pppoe-client dial-pool-number 1
    !
    !
    ! Switch ports of the 837: unconfigured, no IP addressing.
    interface FastEthernet1
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet2
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet3
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet4
    no ip address
    duplex auto
    speed auto
    !
    ! WAN (PPPoE) interface, public 80.68.39.234/28.
    ! Unlike the remote side there is no inbound access-group and no CBAC here:
    ! nothing filters traffic arriving on the public interface other than the
    ! absence of NAT translations. Services the router itself offers (HTTP
    ! management, vty) are therefore reachable from the Internet subject only to
    ! their own access controls -- see the vty and 'ip http server' notes.
    interface Dialer0
    ip address 80.68.39.234 255.255.255.240
    ip mtu 1452
    ip nat outside
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ! CHAP hostname / PAP username values appear to have been removed by the
    ! poster; the type 7 password strings remain and are recoverable.
    ppp authentication chap pap callin
    ppp chap hostname
    ppp chap password 7 10160C18034610580D
    ppp pap sent-username password 7
    135D12130D5D06792A
    crypto map SDM_CMAP_2
    ! Clears DF on encapsulated packets so oversized tunnel packets can be
    ! fragmented on this smaller-MTU link rather than dropped.
    crypto ipsec df-bit clear
    !
    ! PAT only, no static forwards on this side; route-map SDM_RMAP_1 (ACL 101)
    ! keeps tunnel traffic untranslated.
    ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    ! Cleartext HTTP management enabled, HTTPS off, and no 'ip http access-class'
    ! or inbound ACL on Dialer0 in this listing -- the management page appears to
    ! be reachable on the public address; confirm and restrict.
    ip http server
    no ip http secure-server
    !
    !
    ! ACL 1 (remark says it is for Ethernet0) and ACL 23 both permit 10.10.10.0/24,
    ! but Ethernet0 is 192.168.50.0/24: stale entries. ACL 1 is not referenced
    ! anywhere in this listing. ACL 23 is the vty access-class below, so as written
    ! it admits no host on the current LAN (nor the remote LAN) to the vty lines.
    access-list 1 remark INSIDE_IF=Ethernet0
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.255
    access-list 23 permit 10.10.10.0 0.0.0.255
    ! ACL 100: crypto interesting traffic, mirror of the remote side's ACL 100.
    access-list 100 remark SDM_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.20.0 0.0.0.255
    ! ACL 101: NAT exemption ('deny' = do not translate) for LAN-to-remote-LAN,
    ! for the public /28 toward the remote LAN, and for LAN-to-LAN; everything
    ! else from 192.168.50.0/24 is PATed.
    access-list 101 remark SDM_ACL Category=2
    access-list 101 remark IPSec Rule
    access-list 101 deny ip 192.168.50.0 0.0.0.255 192.168.20.0 0.0.0.255
    access-list 101 deny ip 80.68.39.224 0.0.0.15 192.168.20.0 0.0.0.255
    access-list 101 deny ip 192.168.50.0 0.0.0.255 192.168.50.0 0.0.0.255
    access-list 101 permit ip 192.168.50.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    route-map SDM_RMAP_1 permit 1
    match ip address 101
    !
    !
    ! control-plane section present but no policy is attached in this listing.
    control-plane
    !
    !
    ! 120-minute exec timeouts are long for an Internet-facing router.
    line con 0
    exec-timeout 120 0
    no modem enable
    transport preferred all
    transport output all
    stopbits 1
    ! aux line with no login or timeout configuration shown.
    line aux 0
    transport preferred all
    transport output all
    ! vty: access-class 23 (stale 10.10.10.0/24, see the ACL note) and
    ! 'transport input all', which includes telnet. Prefer 'transport input ssh'
    ! once SSH is confirmed working, and point access-class 23 at the actual
    ! management networks.
    line vty 0 4
    access-class 23 in
    exec-timeout 120 0
    login local
    transport preferred all
    transport input all
    transport output all
    !
    scheduler max-task-time 5000
    !
    end
     
    Knutts, Sep 15, 2006
    #1

  2. Knutts

    swapnendu

    How have you configured DNS for the hosts at the remote router end? Is the DNS server located at the local router end? Is a forwarder configured on the DNS server?
     
    swapnendu, Sep 17, 2006
    #2
