vpn client 3.0, PIX-515, DNS entries ignored

mobartz · ‎06-12-2001

As the subject says, I'm working with a Cisco PIX-515 and the new v3.0.2 VPN client. Everything seems to work great, except on the Win98se machine that I'm using for testing, the system continues to use the ISP DNS resolvers instead of the internal one pushed out from the PIX.

A look at winipcfg reveals that the the internal DNS servers are listed, but doing a ping from the command line will access the public IP address of the machine that I'm trying to connect to, rather than the private IP address.

If I ping something for which there is NO public DNS entry, I get the proper internal ip address.

If I ping something for which there IS a public DNS entry, I get the public one instead of the private one.

Telnet, http, etc. all produce the same problem.

Any ideas? I've heard of using a hosts file to deal with this, but I want to avoid the maintenance nightmare of that.

Thanks,

Mike

p.krane · ‎06-15-2001

Actually what might be happening here is your browser is caching the dns name and re-using a previously looked up address. Try closing the browser and reopening it. There was another thread on here with a reg hack you might find useful but the user never reported back if it worked or not. If it works for you, come back and let me know. You’re right though, LMHOSTS is not a scalable solution. http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_messages%26mode%3Dnew%26location%3D.ee6f12f%2F0

mobartz · ‎06-15-2001

I saw that post earlier. It seems to be an IE specific fix, but I get problems with ping.exe and telnet as well. Actually, there are times when I get 4 out of 5 responses with the public IP address -- the other response is the private one. So it is probably a timeout issue when talking to the ISP DNS.

Any other ideas? Cisco's TAC hasn't been much help either.

Thanks,

Mike