can you identify if this is a dns issue..

  • Thread starter Thread starter Calvin C.
  • Start date Start date
C

Calvin C.

To All,
I got no help from Cisco tac at all, and want to see if anyone here can give
me a direction.

I am able to VPN into our network from client PC with cisco VPN client
program, and PING servers IPs without problems. (I am able to PING by host
name only after using lmhost file) However, I cannot browse neighborhood PCs
or access servers by using either IP or host name. (for example,
\\server\shared or \\192.168.100.100\shared ) I have domain name, DNS server
and WIN server IP configured in the router (Cisco 2600)

Cisco tac kicked me back and said it's a microsoft dns issue. HELP!!!!


Calvin
 
In
Calvin C. said:
To All,
I got no help from Cisco tac at all, and want to see if anyone here
can give me a direction.

I am able to VPN into our network from client PC with cisco VPN client
program, and PING servers IPs without problems. (I am able to PING by
host name only after using lmhost file) However, I cannot browse
neighborhood PCs or access servers by using either IP or host name.
(for example, \\server\shared or \\192.168.100.100\shared ) I have
domain name, DNS server and WIN server IP configured in the router
(Cisco 2600)

Cisco tac kicked me back and said it's a microsoft dns issue. HELP!!!!


Calvin
Click to expand...

DNS just resolves names to IP addresses. I can't see it being a DNS problem
if you're saying you can't even connect by an IP address, but you can ping
it (which means that at least ICMP is allowed), but from what you're saying,
it's a "something is being blocked" issue, and based on your description,
obviously it's NOT a DNS issue. If you can't resolve, then port UDP &TCP 53
are blocked. If you cannot connect to any shares, or Network Neighborhood is
not population, then 139 and/or 445 are blocked. WINS uses port 42. If you
can't log into the domain, then that's about a dozen other ports being
blocked.

Does your client machine have a personal firewall installed? ICF running? IP
access rules on the router stopping you? Are you allowing routing from your
VPN client into your network? Proxy or ISA installed?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
In Leon E. Webster, MCSE <[email protected]> either posted for help, or
replied to my previous response, or just wanted to comment or offer an
addition, which spurred me to reply below
Maybe these will help...

http://support.microsoft.com/default.aspx?scid=kb;en-us;830063

http://support.microsoft.com/default.aspx?scid=kb;en-us;292822

Lee
Click to expand...

Hi Lee,

I believe the poster said he is using Cisco's VPN services on his router or
PIX (didn't state which) and the Cisco VPN client for connectivity and not
Windows RAS.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Thanks Ace and Lee,
Yes, we're using Cisco VPN client and Cisco router (2600 gateway)
No personal firewall, ICF, Proxy or ISA. Not sure about IP access rules on
router or allowing routing from VPN client but I guess not. (It's our vendor
to configure the router and VPN, but cannot figure out the problem either)

I've sent my VPN config to Cisco tech, and he said it's fine so I try to
find a clue from MS side.

THanks again.


"Ace Fekay [MVP]"
 
In
Calvin C. said:
Thanks Ace and Lee,
Yes, we're using Cisco VPN client and Cisco router (2600 gateway)
No personal firewall, ICF, Proxy or ISA. Not sure about IP access
rules on router or allowing routing from VPN client but I guess not.
(It's our vendor to configure the router and VPN, but cannot figure
out the problem either)

I've sent my VPN config to Cisco tech, and he said it's fine so I try
to find a clue from MS side.

THanks again.
Click to expand...


I still think it's something on their end, but I'm not trying to pass the
buck. I'm just saying that based on your description. You said that you can
ping by IP, but you cannot connect by IP, FQDN or computer name. Smply
stating that connecting by IP is the base method and easiest method to test
connectivity that does not utilize DNS. IF you cannot connect by IP, but can
ping it, then its telling me there's something blocking the connection,
meaning something is blocking the ports required to make a connection,
mapped drive, or whatever you;re trying to do, something such as a firewall
rule, an IP access list or even ICF. DNS from your description, does not
seem to be a factor here.

Maybe it's NAT. If mutliple internal NAT subnets are routing between each
other on a Windows NAT/RAS server, then I've seen issues with H.323 support,
since that squashes the PDUs required for LDAP communication, but this
applies to AD communication. In that case, we would kill H.323 support. But
since you are using a Cisco connection, and you state that you are not using
a Windows RAS server for VPN connectivity, then it seems to point back to
the Cisco VPN service.

Do you have multiple internal NAT subnets? If using private IP addressing,
what is offering NAT, the Cisco router or Windows?



--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Back
Top