06-01-2011 02:53 PM - edited 03-06-2019 05:18 PM
When I am logged in to the vpn I can only ping the ip address of each device/computer connected but not the computer/host name. This used to work but now I'm not sure what I did to make it not work.
Do I need to add a command or enable something? If I am connected to the network directly then I can ping the hostname just fine, but not when I'm connected through the vpn. The 192.168.10.1 network is what I am trying to access through the vpn
Thanks, config below as well.
Building configuration...
Current configuration : 4217 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname lucee
!
boot-start-marker
boot system flash:c1841-advsecurityk9-mz.124-25c.bin
boot-end-marker
!
enable secret 5 $1$ilzT$C2t
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
no ip cef
!
!
ip auth-proxy max-nodata-conns 12
ip admission max-nodata-conns 12
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.41 192.168.1.254
!
ip dhcp pool gresham
network 192.168.1.0 255.255.255.0
dns-server 64.105.163.106 64.105.172.26
default-router 192.168.1.1
lease 2
!
!
no ip domain lookup
ip domain name site.com
!
!
crypto pki trustpoint TP-self-signed-3233092784
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3233092784
revocation-check none
rsakeypair TP-self-signed-3233092784
!
!
username username password 7 0476082D0D
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group vpnname
key keyname
pool vpnpool
acl 102
crypto isakmp profile ISAKMPprof
match identity group vpnname
client authentication list userauthen
isakmp authorization list groupauthor
client configuration address respond
virtual-template 3
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile IPSecprof
set transform-set ESP-3DES-SHA
set isakmp-profile ISAKMPprof
!
!
!
!
interface FastEthernet0/0
no ip address
ip virtual-reassembly
duplex auto
speed auto
no keepalive
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0 secondary
ip address xx.x.xx.xx 255.255.255.224
ip access-group 111 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface FastEthernet0/0.5
description VER=1; PUR=LAN; DES=uplink; DEST=gbaby_Gi0/1;
encapsulation dot1Q 5
ip address 192.168.10.1 255.255.255.0
ip access-group 112 in
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface FastEthernet0/1
no ip address
ip virtual-reassembly
shutdown
duplex auto
speed auto
no keepalive
!
interface Serial0/0/0
no ip address
encapsulation frame-relay IETF
no ip mroute-cache
service-module t1 timeslots 1-24
service-module t1 fdl both
frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
frame-relay interface-dlci 16 ppp Virtual-Template1
!
interface Virtual-Template1
ip address negotiated
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
ppp chap hostname 5588
ppp chap password 7 115A4C
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept
!
interface Virtual-Template3 type tunnel
ip unnumbered FastEthernet0/0.1
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSecprof
!
ip local pool vpnpool 172.16.1.1 172.16.1.10
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool nat xx.x.xx.x xx.x.xx.x netmask 255.255.255.224
ip nat inside source list 105 pool nat overload
!
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
access-list 105 deny ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit udp any any eq bootps
access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
access-list 112 deny ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 112 permit ip 192.168.10.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
end
06-01-2011 07:12 PM
It could be a DNS issue. If you have a domain controller back in the office, please set your PC's DNS to the domain controller's IP and try again.
06-01-2011 10:13 PM
Thanks, we do not have a domain controller. It is a pretty basic network configuration at the moment.
I have 1 router with the config shown above and 1 2960 switch. All pc's connect directly to the switch and that is all.
I removed all ACL's also to see if for some reason one of them was causing it but that didn't help...unless there is something I would need to ADD to the ACL's??
06-01-2011 11:44 PM
Basically, you need a DNS server to perform IP to hostname lookups.
It is not an access list issue, no. You just need to specify a DNS server in your config under "client configuration group" dns
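An added example, not part of the original posts: a small Python check that an Easy VPN client group pushes a `dns` server and that the server sits inside the group's split-tunnel ACL, since a resolver outside `acl 102` would not be reached through the tunnel. The sample config is constructed from the thread's group and ACL, indented as `show running-config` prints it; the address 192.168.10.50 is a placeholder for the internal DNS server and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the thread's group and ACL 102 plus an added dns line.
# 192.168.10.50 is a placeholder for the internal DNS server (assumption).
SAMPLE = """\
crypto isakmp client configuration group vpnname
 key keyname
 dns 192.168.10.50
 pool vpnpool
 acl 102
!
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
"""

def acl_networks(config, acl):
    """Source networks permitted by a numbered extended ACL (wildcard masks)."""
    nets = []
    pat = rf"^access-list {acl} permit ip (\S+) (\S+)"
    for addr, wild in re.findall(pat, config, re.M):
        try:
            # Invert the wildcard mask to get a netmask (0.0.0.255 -> /24).
            mask = ipaddress.ip_address(int(ipaddress.ip_address(wild)) ^ 0xFFFFFFFF)
            nets.append(ipaddress.ip_network(f"{addr}/{mask}"))
        except ValueError:
            continue  # "any"/"host" sources are not handled in this sketch
    return nets

def audit_group_dns(config):
    """Return {group name: [issues]} for each client configuration group."""
    findings = {}
    parts = re.split(r"^crypto isakmp client configuration group ", config, flags=re.M)
    for part in parts[1:]:
        lines = part.splitlines()
        name, dns, acl = lines[0].strip(), [], None
        for line in lines[1:]:
            if not line.startswith(" "):
                break  # first unindented line ends the group's sub-commands
            words = line.split()
            if words[:1] == ["dns"]:
                dns = words[1:]
            elif words[:1] == ["acl"]:
                acl = words[1]
        issues = [] if dns else ["no dns server pushed to clients"]
        nets = acl_networks(config, acl) if acl else None  # no acl: full tunnel
        for server in dns:
            if nets is not None and not any(ipaddress.ip_address(server) in n for n in nets):
                issues.append(f"dns {server} is outside split-tunnel acl {acl}")
        findings[name] = issues
    return findings
```

Run against the group as originally posted (no `dns` line) it reports the missing server; with one of the public resolvers from the router's DHCP pool it reports that the address falls outside ACL 102.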
06-02-2011 09:04 AM
Thanks guys, editing the hosts file will work for a temporary fix but not efficient. If I need someone else to connect and give them access I can't have them editing their hosts file every time and adding all the ip-hosts maps.
Is there really no other way than to create a separate dns server to resolve everything?
Also, the 192.168.10.0 0.0.0.255 network that the vpn has access to is internal only and has no access to anything but itself and whatever is on the vpn.
It is currently configured with ip, subnet, and default gateway only. There is no dns address configured on each pc.
Would it help to assign a dns to those as well?
I was going to try assigning a dns ip to the 'client configuration group' as mentioned above but wasn't sure what to use for the dns address.
06-02-2011 09:19 AM
"Is there really no other way than to create a separate dns server to resolve everything?"
I am afraid not
"Would it help to assign a dns to those as well?"
Help for what?
06-02-2011 09:29 AM
help for resolving the ip to hostname.
but it sounds like I will need to configure a dns server.
I have a pc running windows server 2003 that isn't being used much I could try to configure.
06-02-2011 09:34 AM
I think DNS server will be the best solution, my friend
06-02-2011 10:04 AM
Thanks, I will work on the DNS server.
This is more specific to DNS but do you happen to know if I will have to add an entry to the server every time a pc is added to the network? Or will I be able to configure it to automatically recognize it and add the correct "mapping"
06-02-2011 10:07 AM
If you use an Active Directory domain system, mapping happens automatically. Not sure about other DNS servers, sorry
06-02-2011 10:37 AM
On the same server that will act as your DNS server you can also configure a DHCP server.
Set the clients to get IP addresses from the DHCP server and they will also automatically register in the DNS server (the DHCP server should give them an IP address, default gateway and the address of the DNS server).
06-02-2011 10:47 AM
Yes, this is absolutely correct, forgot about that somehow..
06-02-2011 11:55 AM
unfortunately I need everything that is connected to this subnet to have a static ip, otherwise that method sounds like it would work well.
Thanks for the idea though!
06-02-2011 12:06 PM
You can set IP reservations on the DHCP server.
The client will always get the same IP address from the DHCP server.
http://www.ehow.com/how_5593436_configure-dhcp-reservation.html
06-02-2011 05:01 AM
You need a DNS or a WINS server to do what you want. Since you don't have either, the only way to achieve this is to edit your hosts file and map name to IP address in the hosts file of your computer (the one you use to connect remotely).
Here is how to edit the hosts file just in case you haven't done it before:
http://www.fpweb.net/support/managed-hosting/hostfile-editing-support.asp