
Site to site VPN DNS problem

tpahuja
Level 1

Folks,

I have a simple site-to-site VPN setup using ASAs. We had overlapping address space on both sides, therefore we are doing NAT as the traffic traverses the IPsec tunnel.

 

Since the VPN tunnel is between two different organizations, they do not want to point to each other's DNS for resolution, to safeguard themselves.

 

My question is: what is the most scalable solution for this problem? Creating LMHOSTS files on the hosts is not an option as there are many hosts.

 

I will surely rate any helpful answer.

3 Replies

Hi,

 

You could configure a name space within your DNS pointing to the NATted IP address of the remote servers, assuming you've set up static 1-2-1 NAT.


What resources are you attempting to access over the VPN? If you are attempting to do anything with AD (like an AD trust relationship) this won't work, as it will always attempt to connect to the real IP address.

HTH

Thanks for your response. There is no AD involved, just static 1-2-1 mappings.

 

How can I create a space in my DNS? They have a different domain? Can you please elaborate?

 

Assuming you have an AD server, access the DNS MMC. Go to Forward Lookup Zones and create a new name space (this name space is separate from your corp name space). Within the new name space you'll create a DNS entry for each server that has a 1-2-1 NAT. As your client computers use your DNS server, they'll be able to resolve the FQDN of the remote servers.

HTH
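
The zone-and-records approach described in the reply above, scripted with the Windows DnsServer PowerShell module, as an added example that is not part of the original thread. The zone name, host names and NAT pool (198.51.100.0/24) are constructed placeholders, and disabling dynamic updates is a choice made here because the records are static.

```powershell
# Added example: zone name, host names and NATted addresses are constructed placeholders.
Import-Module DnsServer

$ZoneName = 'partner.example'      # hypothetical name space, separate from the corporate zone
$NatPool  = '198.51.100.'          # assumed /24 that the ASA's static 1-2-1 NAT presents to us

# Host label -> NATted address (never the remote side's real, overlapping address)
$Servers = @{
    'app01'  = '198.51.100.11'
    'db01'   = '198.51.100.12'
    'file01' = '198.51.100.13'
}

# Create the forward lookup zone once; static records only, so no dynamic updates.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain' -DynamicUpdate 'None'
}

foreach ($entry in $Servers.GetEnumerator()) {
    # Refuse anything outside the NAT pool, so an overlapping real address
    # cannot be published by mistake and resolve to a local host instead.
    $ip = [System.Net.IPAddress]::None
    if (-not [System.Net.IPAddress]::TryParse($entry.Value, [ref]$ip) -or
        -not $entry.Value.StartsWith($NatPool)) {
        Write-Warning "Skipping $($entry.Key): $($entry.Value) is not in the NAT pool"
        continue
    }

    # Idempotent: leave an existing A record alone so reruns are safe.
    $existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $entry.Key `
        -RRType 'A' -ErrorAction SilentlyContinue
    if ($existing) { continue }

    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $entry.Key `
        -IPv4Address $entry.Value -TimeToLive (New-TimeSpan -Hours 1)
}

# Confirm a client of this DNS server gets the NATted address back.
Resolve-DnsName -Name "app01.$ZoneName" -Type A -Server localhost
```

Neither organization queries the other's DNS with this layout: each side hosts its own zone containing only the NATted addresses it has been given.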