What am I missing to get internal DNS working?

Hi,

I'm pulling my hair out trying to get DNS to resolve internal network servers/devices while connected via Mobile SSL VPN.

We have a M200 running 12.0.1

I am trying to get Mobile SSL VPN working.

I have successfully connected and created a VPN session.
I am authenticating via a user in FireboxDB.
All client traffic goes through VPN.

I understand that in versions less than 12.2, it is the DNS settings in VPN-->Mobile VPN with SSL--> Advanced that should be taking care of DNS and not the Network--> Interface settings.

I have added our Active Directory domain controller as the primary DNS server and Google's server as the secondary.

Once connected via VPN, I can browse general internet but internal server hostnames won't resolve.
If I enter the internal IP address of a webserver on our network then I can browse pages.

So my question is, what obvious setting am I missing?

Also, what domain name should I enter as part of DNS settings? As there is no domain infrastructure publicly facing sitting behind the firewall, should I just use the Active Directory version, i.e. domain.local?

Thanks in advance...

~Shaun.

Answers

  • 12.0.1 ? Really? That came out in the fall of 2017

    1) re. the domain name - If you want to use short names and have them resolved to a long name, then you enter the appropriate string which when appended to the short name gives you the correct long name.
    For many AD sites it would be the AD domain name

    2) re. the internal DNS issue - what are you trying to resolve? a short name or a long one (fully qualified domain name) ?
    Have you verified that your AD DNS server IP addr is 1st in the list for the SSLVPN connection?

  • It still is the DNS settings in VPN-->Mobile VPN with SSL--> Advanced that should be taking care of DNS and not the Network--> Interface settings.

    Put your local domain name in and ONLY the LAN DNS server, not any external ones. Your LAN DNS server's forwarders will take care of any external lookups.

    Gregg Hill

  • Hi,

    Thanks gentlemen for taking the time to read and respond.

    So it turns out I had it configured correctly but I was just being an idiot wrt what I was putting in the URL bar. I am so accustomed to entering the first string of the URL in my browser in the office and then picking the top record from history to navigate to the site that I didn't take into account that my office browser had the https:// bit obfuscated but there. So when I just typed the URL without the https:// at the beginning in my remote session it was just interpreted as a string of text for google to search.

    Some nslookups/pings etc highlighted that DNS was actually working, don't know why I didn't do that yesterday....

    Thanks again though,

    ~S.
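
The nslookup/ping check from the last post, as an added example that is not part of the original thread: it resolves the short name and the fully qualified name through the OS resolver, so the DNS server and domain name pushed by the SSL VPN are what get tested. The hostname `intranet` is a constructed placeholder and `domain.local` is the example suffix from the question; the verdict names are this example's own.

```python
import socket
import sys


def system_resolve(name):
    """Resolve via the OS stub resolver (uses the VPN-assigned DNS server and suffix)."""
    try:
        infos = socket.getaddrinfo(name, None, family=socket.AF_INET)
    except (socket.gaierror, UnicodeError):
        return []
    return sorted({info[4][0] for info in infos})


def diagnose(short_name, dns_suffix, resolve=system_resolve):
    """Compare short-name and FQDN resolution and say where to look next."""
    # Trailing dot marks the name as absolute, so no suffix is appended to it.
    fqdn = f"{short_name}.{dns_suffix}".rstrip(".") + "."
    short_ips = resolve(short_name)
    fqdn_ips = resolve(fqdn)
    if short_ips and fqdn_ips:
        # DNS is fine; check what is typed in the browser (e.g. missing https://).
        verdict = "dns-ok"
    elif fqdn_ips:
        # The DNS server answers, but the domain name is not appended to short names.
        verdict = "suffix-missing"
    elif short_ips:
        # Short name answered by something else (hosts file, other suffix): recheck suffix.
        verdict = "check-suffix"
    else:
        # Nothing resolves: check that the LAN DNS server is the one the client received.
        verdict = "no-answer"
    return {"fqdn": fqdn, "short": short_ips, "full": fqdn_ips, "verdict": verdict}


if __name__ == "__main__":
    # Usage: python dnscheck.py intranet domain.local   (both values are placeholders)
    host = sys.argv[1] if len(sys.argv) > 1 else "intranet"
    suffix = sys.argv[2] if len(sys.argv) > 2 else "domain.local"
    result = diagnose(host, suffix)
    print(f"{host!r:20} -> {result['short'] or 'no answer'}")
    print(f"{result['fqdn']!r:20} -> {result['full'] or 'no answer'}")
    print("verdict:", result["verdict"])
```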
