VPN DNS issues

PJPG

I know that this is a popular topic, I've read all the solutions I can find
but I'm still stumped.

I am using Vista to connect to my work network via a vpn to our ISA 2007
server.

When connected to the VPN, NSLOOKUP works but all other programs (like PING
and IE) can not resolve the address of our internal servers.

I have coded a connection-specific DNS suffix.

I can verify that IPCONFIG shows the two work DNS servers.

NSLOOKUP does see the work DNS server as the default.

I do have the 'use remote gateway' option checked in my VPN connector.

Yet, when I connect to the VPN I lose all ability to do DNS lookups for
everything except NSLOOKUP. (This is somewhat reasonable since my ISP's DNS
server will not respond to DNS requests that do not originate on their
network. If I could connect to them, the work DNS servers would also supply
addresses from the Internet.)

The only tricky item in my setup is that the address my station gets from
the VPN server is _not_ on the same subnet as the two work DNS servers.

VPN address is in the range 167.254.x.x

Work DNS servers are in the range 10.x.x.x

Home network uses the range 192.168.100.x

Both my local network and the vpn network are using automatically assigned
metric numbers.

I've read that this configuration doesn't work with XP Pro, but I'm running
Vista so that technote doesn't apply.

Can anyone suggest a solution to this problem?
 
Robert L. (MS-MVP)

Are you sure the VPN client IP is 167.254.x.x instead of 169.254.x.x?
Posting the result of these command lines on the VPN client may help.

1. nslookup.
2. ipconfig /all
3. ping 4.2.2.1.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
 
PJPG

Yes, you are right, the address is 169.254.x.x

I hope these help.


C:\WINDOWS\system32>nslookup
Default Server: dns1.internal.mycorp.com
Address: 10.1.1.115:53
Server: dns1.internal.mycorp.com
Address: 10.1.1.115:53

Non-authoritative answer:
Name: www.cnn.com
Addresses: 64.236.91.23, 64.236.91.24, 64.236.16.20, 64.236.16.52
64.236.24.12, 64.236.29.120, 64.236.91.21, 64.236.91.22

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Blue
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mycorp.com

PPP adapter DCC:

Connection-specific DNS Suffix . : mycorp.com
Description . . . . . . . . . . . : DCC
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 169.254.1.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 10.1.1.115
10.1.1.116
Primary WINS Server . . . . . . . : 10.1.1.201
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Windows Mobile Remote Adapter #3
Physical Address. . . . . . . . . : 80-00-60-0F-E8-00
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 169.254.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, January 19, 2008 9:01:20 PM
Lease Expires . . . . . . . . . . : Monday, February 18, 2008 9:01:20 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 169.254.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-07-E9-EA-2A-67
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.100.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, January 19, 2008 9:01:20 PM
Lease Expires . . . . . . . . . . : Tuesday, January 22, 2008 9:01:20 PM
Default Gateway . . . . . . . . . : 192.168.100.1
DHCP Server . . . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 167.206.251.130
167.206.251.129
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\WINDOWS\system32>ping 4.2.2.1

Pinging 4.2.2.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 4.2.2.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\WINDOWS\system32>
 
snoopy

PPP adapter DCC:

   Connection-specific DNS Suffix  . : mycorp.com
   Description . . . . . . . . . . . : DCC
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 169.254.1.8(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255

Here's your problem. ^^^ Your netmask says that you can only talk to
servers that exactly match your own IP address. It's unlikely that
you're getting that IP address and that netmask from the DHCP server.
It's more likely that you're not getting an IP address from the DHCP
server, so your VPN host adapter is picking a private one.

If you suspect DNS server resolver problems, just use a reliable free
one:
http://www.ifirefly.com
 
Robert L. (MS-MVP)

We have a lot of issues with this configuration.

1. We need to know how you set up the RRAS. For example, do you use DHCP or
a pool? One way or another, 169.254.x.x may work.
2. Ethernet adapter Local Area Connection 3: IPv4 Address. . . . . . . . . .
.. : 169.254.2.2(Preferred): I assume this is a computer with two NICs. You may
want to disable this one. If you don't, it is OK.
3. We still need one more piece of information, the routing table. To collect the
routing table, use the route print command. Please post back with the result.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
 
PJPG

1. We need to know how you setup the RRAS. For example do you use DHCP or
Pool?

Pool


2. Ethernet adapter Local Area Connection 3: IPv4 Address. . . . . . . . . .

That stumped me for a moment, then I realized that is the connection to my
Windows Mobile 6 smartphone (HTC TyTN II).


3. We still need one more information, routing table. To collect the routing
table, use route print command. Please post back with the result.

(with smart phone connected)

C:\WINDOWS\system32>route print
===========================================================================
Interface List
17 ........................... DCC
13 ...80 00 60 0f e8 00 ...... Microsoft Windows Mobile Remote Adapter #3
7 ...00 07 e9 ea 2a 67 ...... Intel(R) PRO/100 VE Network Connection
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.4 4501
0.0.0.0 0.0.0.0 On-link 169.254.1.2 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
169.254.1.2 255.255.255.255 On-link 169.254.1.2 276
169.254.2.0 255.255.255.0 On-link 169.254.2.2 4511
169.254.2.2 255.255.255.255 On-link 169.254.2.2 4511
169.254.2.255 255.255.255.255 On-link 169.254.2.2 4511
192.168.100.0 255.255.255.0 On-link 192.168.100.4 4501
192.168.100.4 255.255.255.255 On-link 192.168.100.4 4501
192.168.100.255 255.255.255.255 On-link 192.168.100.4 4501
198.242.211.227 255.255.255.255 192.168.100.1 192.168.100.4 4246
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 192.168.100.4 4502
224.0.0.0 240.0.0.0 On-link 169.254.2.2 4512
224.0.0.0 240.0.0.0 On-link 169.254.1.2 21
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 192.168.100.4 4501
255.255.255.255 255.255.255.255 On-link 169.254.2.2 4511
255.255.255.255 255.255.255.255 On-link 169.254.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

C:\WINDOWS\system32>

(With smart phone unplugged.)

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Blue
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sunydutchess.edu

PPP adapter DCC:

Connection-specific DNS Suffix . : sunydutchess.edu
Description . . . . . . . . . . . : DCC
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 169.254.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 10.1.1.115
10.1.1.116
Primary WINS Server . . . . . . . : 10.1.1.201
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-07-E9-EA-2A-67
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.100.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, January 20, 2008 9:06:06 PM
Lease Expires . . . . . . . . . . : Wednesday, January 23, 2008 9:06:05 PM
Default Gateway . . . . . . . . . : 192.168.100.1
DHCP Server . . . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 167.206.251.130
167.206.251.129
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\WINDOWS\system32>route print
===========================================================================
Interface List
17 ........................... DCC
7 ...00 07 e9 ea 2a 67 ...... Intel(R) PRO/100 VE Network Connection
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.4 4501
0.0.0.0 0.0.0.0 On-link 169.254.1.3 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
169.254.1.3 255.255.255.255 On-link 169.254.1.3 276
192.168.100.0 255.255.255.0 On-link 192.168.100.4 4501
192.168.100.4 255.255.255.255 On-link 192.168.100.4 4501
192.168.100.255 255.255.255.255 On-link 192.168.100.4 4501
198.242.211.227 255.255.255.255 192.168.100.1 192.168.100.4 4246
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 192.168.100.4 4503
224.0.0.0 240.0.0.0 On-link 169.254.1.3 21
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 192.168.100.4 4501
255.255.255.255 255.255.255.255 On-link 169.254.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

C:\WINDOWS\system32>
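
Added example, not part of the original thread: a small Python route selector run over the IPv4 rows of the second `route print` above, showing which interface each destination leaves by. It assumes the standard selection rule (longest matching prefix, then lowest metric); the function names are hypothetical.

```python
import ipaddress

# Constructed sample: IPv4 routes copied from the second `route print` above
# (smartphone unplugged); loopback, multicast and broadcast rows omitted.
ROUTE_PRINT = """\
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.4 4501
0.0.0.0 0.0.0.0 On-link 169.254.1.3 21
169.254.1.3 255.255.255.255 On-link 169.254.1.3 276
192.168.100.0 255.255.255.0 On-link 192.168.100.4 4501
192.168.100.4 255.255.255.255 On-link 192.168.100.4 4501
198.242.211.227 255.255.255.255 192.168.100.1 192.168.100.4 4246
"""


def parse_routes(text):
    """Parse 'Destination Netmask Gateway Interface Metric' rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and wrapped lines
        dest, mask, gateway, iface, metric = fields
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append({"net": net, "gateway": gateway,
                       "iface": iface, "metric": int(metric)})
    return routes


def select_route(routes, destination):
    """Longest prefix wins; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["net"].prefixlen, r["metric"]))


def egress_interface(destination, table=ROUTE_PRINT):
    """Return the local interface address used to reach `destination`."""
    route = select_route(parse_routes(table), destination)
    return route["iface"] if route else None


if __name__ == "__main__":
    for label, ip in [("work DNS", "10.1.1.115"), ("ISP DNS", "167.206.251.130"),
                      ("home router", "192.168.100.1")]:
        print(f"{label:12} {ip:16} -> {egress_interface(ip)}")
```

With the VPN's on-link default route at metric 21, both the work DNS servers and the ISP DNS servers are reached through the VPN interface; only the home subnet and the one host route stay on the LAN adapter.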
 
PJPG

Yep, I can reach all the servers at work (as long as I use an IP address)
and all services on the internet while connected to the VPN (as long as I
recode to use my local router as a DNS caching server), even NSLOOKUP to my
work DNS servers works. The only part not working is DNS lookups by every
application except NSLOOKUP.

Microsoft Windows [Version 6.0.6000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ping 10.1.1.115

Pinging 10.1.1.115 with 32 bytes of data:

Reply from 10.1.1.115: bytes=32 time=173ms TTL=63
Reply from 10.1.1.115: bytes=32 time=21ms TTL=63
Reply from 10.1.1.115: bytes=32 time=19ms TTL=63
Reply from 10.1.1.115: bytes=32 time=19ms TTL=63

Ping statistics for 10.1.1.115:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 173ms, Average = 58ms

C:\WINDOWS\system32>nslookup www.cnn.com
Server: dns1.internal.sunydutchess.edu
Address: 10.1.1.115:53

Non-authoritative answer:
Name: www.cnn.com
Addresses: 64.236.91.23, 64.236.91.24, 64.236.16.20, 64.236.16.52
64.236.24.12, 64.236.29.120, 64.236.91.21, 64.236.91.22


C:\WINDOWS\system32>ping www.cnn.com
Ping request could not find host www.cnn.com. Please check the name and try again.


note how the PING command said 'could not find host'.


C:\WINDOWS\system32>
 
PJPG

Hi Robert;

Thank you for all of your help.

I've reconfigured my VPN server in a way that I hope will work around this
problem. (The DNS servers now appear on the same subnet as the given
address.)

....pjpg




Robert L. (MS-MVP) said:
Can you ping 10.1.1.115 from VPN client?

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
 
