
ping client hostname via vpn doesn't work, only ip address

firstascent
Level 1

When I am logged in to the vpn I can only ping the ip address of each device/computer connected but not the computer/host name. This used to work but now I'm not sure what I did to make it not work.

Do I need to add a command or enable something? If I am connected to the network directly then I can ping the hostname just fine, but not when I'm connected through the vpn. The 192.168.10.1 network is what I am trying to access through the vpn.

Thanks, config below as well.

Building configuration...

Current configuration : 4217 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname lucee
!
boot-start-marker
boot system flash:c1841-advsecurityk9-mz.124-25c.bin
boot-end-marker
!
enable secret 5 $1$ilzT$C2t
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
no ip cef
!
!
ip auth-proxy max-nodata-conns 12
ip admission max-nodata-conns 12
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.41 192.168.1.254
!
ip dhcp pool gresham
   network 192.168.1.0 255.255.255.0
   dns-server 64.105.163.106 64.105.172.26
   default-router 192.168.1.1
   lease 2
!
!
no ip domain lookup
ip domain name site.com
!
!
crypto pki trustpoint TP-self-signed-3233092784
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3233092784
 revocation-check none
 rsakeypair TP-self-signed-3233092784
!
!
username username password 7 0476082D0D
!
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group vpnname
 key keyname
 pool vpnpool
 acl 102
crypto isakmp profile ISAKMPprof
   match identity group vpnname
   client authentication list userauthen
   isakmp authorization list groupauthor
   client configuration address respond
   virtual-template 3
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile IPSecprof
 set transform-set ESP-3DES-SHA
 set isakmp-profile ISAKMPprof
!
!
!
!
interface FastEthernet0/0
 no ip address
 ip virtual-reassembly
 duplex auto
 speed auto
 no keepalive
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0 secondary
 ip address xx.x.xx.xx 255.255.255.224
 ip access-group 111 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface FastEthernet0/0.5
 description VER=1; PUR=LAN; DES=uplink; DEST=gbaby_Gi0/1;
 encapsulation dot1Q 5
 ip address 192.168.10.1 255.255.255.0
 ip access-group 112 in
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface FastEthernet0/1
 no ip address
 ip virtual-reassembly
 shutdown
 duplex auto
 speed auto
 no keepalive
!
interface Serial0/0/0
 no ip address
 encapsulation frame-relay IETF
 no ip mroute-cache
 service-module t1 timeslots 1-24
 service-module t1 fdl both
 frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
 frame-relay interface-dlci 16 ppp Virtual-Template1
!
interface Virtual-Template1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 ppp chap hostname 5588
 ppp chap password 7 115A4C
 ppp ipcp dns request
 ppp ipcp route default
 ppp ipcp address accept
!
interface Virtual-Template3 type tunnel
 ip unnumbered FastEthernet0/0.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSecprof
!
ip local pool vpnpool 172.16.1.1 172.16.1.10
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool nat xx.x.xx.x xx.x.xx.x netmask 255.255.255.224
ip nat inside source list 105 pool nat overload
!
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
access-list 105 deny   ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 deny   ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit udp any any eq bootps
access-list 111 deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
access-list 112 deny   ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 112 permit ip 192.168.10.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
end

20 Replies

Ok, I'm almost there.

I set up Active Directory with DNS on a spare computer.

I set the pc's DNS to the dns of the new dns server.

On the pc that I am connecting via vpn I set the dns to the new dns server as well. I still could not ping via hostname though.

The only way so far I've gotten it to work is to set up the computer to connect to the domain as well that I just created.

Is that how it is supposed to be? I was hoping I would just be able to set the dns and be good to go.

I don't want to have to have a user set their computer to connect to the domain every time they want to vpn in.

Unless there is a way to script it in my router config?

Have you configured DHCP on the server?

I have not yet. DHCP is only configured on the router at the moment.

But I just got it to work a little better.

In the 'client configuration group' on the router I set

domain

and now I can ping via hostname!

Although now that my pc is getting the domain from the vpn config instead of set on the pc itself, all the pc's on the network do not show up, such as in My Network Places.

Before, when I had the domain set on the pc and NOT from the vpn config, then I could see all of the pc's on the network.

Does that sound "normal"?

Well, not sure about that

Try adding dns in your vpn config under 'client configuration group'

See what it gives you

Yes, I have

dns

domain

both in 'client configuration group' right now

It seems I need both set in there in order to ping by hostname

I believe you have achieved what you were looking for
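
An added example, not part of the thread and not Cisco tooling: a Python check that reads a pasted running-config and reports which `crypto isakmp client configuration group` entries do not push `dns` and `domain` to VPN clients, the two settings the thread ended up needing. The DNS address and domain name in `FIXED` are placeholders (the thread does not show the real values), and the function names are hypothetical.

```python
import re

# The group from the posted config, flattened (no indentation) as a forum paste.
POSTED = """\
crypto isakmp client configuration group vpnname
key keyname
pool vpnpool
acl 102
crypto isakmp profile ISAKMPprof
"""
# Constructed "after" version: 192.0.2.53 and example.internal are placeholders,
# the thread does not show the values that were actually entered.
FIXED = """\
crypto isakmp client configuration group vpnname
 key keyname
 dns 192.0.2.53
 domain example.internal
 pool vpnpool
 acl 102
"""

GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)$")
# Subset of group sub-commands, enough to follow a paste with no indentation.
SUBCOMMANDS = {"key", "dns", "domain", "wins", "pool", "acl"}


def parse_client_groups(config_text):
    """Return {group: {subcommand: [arguments]}} for each client group."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue  # tolerate blank lines between commands
        match = GROUP_RE.match(" ".join(words))
        if match:
            current = groups.setdefault(match.group(1), {})
        elif current is not None and (raw[0].isspace() or words[0] in SUBCOMMANDS):
            current[words[0]] = words[1:]
        else:
            current = None  # any other top-level command closes the group
    return groups


def missing_name_settings(groups):
    """Map each group to the name-resolution settings it does not push."""
    gaps = {n: [k for k in ("dns", "domain") if not a.get(k)] for n, a in groups.items()}
    return {name: missing for name, missing in gaps.items() if missing}
```

A `dns` or `domain` line with no argument is reported as missing, since the client would receive nothing from it.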
