From: Knutts on 15 Sep 2006 13:57

Hi,

Have a problem with DNS requests over an IPSEC site - site VPN using a Cisco 837 at either end. We can ping the DNS server IP address at the remote end of the tunnel but cannot ping the server name or join the domain etc. We can browse the server using the IP address without any issue. Configs below.

!This is the running config of the router: Remote Router
!----------------------------------------------------------------------------
!version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
no logging buffered
enable secret 5 $1$UeOB$18cSXwZSBc6vkttEgbFGP0
!
username CRWS_dheeraj privilege 15 password 7 03400A4F315E276D0A06480A24371B0D50727E7C796B637340
username CRWS_Ritesh privilege 15 password 7 100A585D3246142A480B7B24170D23347342504257530F0C080A
username CRWS_Vijay privilege 15 password 7 125D5453255A0A256E2475270010321256465654000E0D000D5C
username CRWS_Shashi privilege 15 password 7 06425E657B1F0F38411843043F213A2A7C7162657043564756
username CRWS_Bijoy privilege 15 password 7 09081F4D2E5411334F0355251801383264774051405254050909
username CRWS_Gayatri privilege 15 password 7 1453434F3B552C0A6027623A11361717525302080E010C5E57
username CRWS_Sangeetha privilege 15 password 7 1453434F3B552C0A6027623A113617175151070F080A0D5C5548
username CRWS_Prem privilege 15 password 7 0242551F3C570900084158163632020A5D5C7373767A62627741
username CRWS_Jaidil privilege 15 password 7 015757406C5A002E65431F062A2007135A5F567E7C7571626C7A
username CRWS_Giri privilege 15 password 7 114D484120430D2D40257A2B1B162523425040515205010B040D
username Router password 7 06211D7542495A2E554716
no aaa new-model
ip subnet-zero
ip name-server 192.168.20.1
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.20.3
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 0 xxxxxxxxx address 80.68.39.234
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to80.68.39.234
 set peer 80.68.39.234
 set transform-set ESP-3DES-SHA
 match address 100
!
!
!
!
interface Ethernet0
 description CRWS Generated text. Please do not delete this:192.168.20.254-255.255.255.0$ETH-LAN$
 ip address 192.168.20.254 255.255.255.0
 ip access-group 122 out
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 0/38
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer1
 ip address 80.68.42.226 255.255.255.240
 ip access-group 111 in
 ip mtu 1492
 ip nat outside
 ip inspect myfw out
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer remote-name redback
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname hutleyinvest(a)datadsl.co.uk
 ppp chap password 7 040952535A20191B08
 ppp pap sent-username hutleyinvest(a)datadsl.co.uk password 7 124B5C42470A59512B
 crypto map SDM_CMAP_1
!
ip nat inside source static udp 192.168.20.3 47 interface Dialer1 47
ip nat inside source static tcp 192.168.20.3 47 interface Dialer1 47
ip nat inside source static tcp 192.168.20.3 3101 interface Dialer1 3101
ip nat inside source static tcp 192.168.20.3 1723 interface Dialer1 1723
ip nat inside source static tcp 192.168.20.1 443 interface Dialer1 443
ip nat inside source static tcp 192.168.20.1 3389 interface Dialer1 3389
ip nat inside source static udp 192.168.20.3 1723 interface Dialer1 1723
ip nat inside source static tcp 192.168.20.1 1433 interface Dialer1 1433
ip nat inside source static udp 192.168.20.1 1433 interface Dialer1 1433
ip nat inside source static tcp 192.168.20.1 50 interface Dialer1 50
ip nat inside source static udp 192.168.20.1 50 interface Dialer1 50
ip nat inside source static tcp 192.168.20.1 80 interface Dialer1 80
ip nat inside source static tcp 192.168.20.1 110 interface Dialer1 110
ip nat inside source static tcp 192.168.20.1 25 interface Dialer1 25
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
!
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.20.0 0.0.0.255 192.168.50.0 0.0.0.255 log
access-list 102 remark SDM_ACL Category=18
access-list 102 remark IPSec Rule
access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.50.0 0.0.0.255 log
access-list 102 permit ip 192.168.20.0 0.0.0.255 any
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq pop3
access-list 111 permit tcp any any eq www
access-list 111 permit udp any any eq 50
access-list 111 permit tcp any any eq 50
access-list 111 permit udp any any eq 1433
access-list 111 permit tcp any any eq 1433
access-list 111 permit udp any any eq 1723
access-list 111 permit tcp any any eq 3389
access-list 111 permit tcp any any eq 443
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 3101
access-list 111 permit tcp any any eq 47
access-list 111 permit udp any any eq 47
access-list 111 permit tcp any any eq telnet
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq