Re: [FW-1] cannot resolve dns names through site to site vpn

Fri, 31 Aug 2007 06:59:05 -0700 

No Name Available a écrit :

Hi all
I cannot resolve dns names through a vpn tunnel. I can ping dns server
from client. I have ticked option accept domain name over udp     before
last
And accept domain name over tcp          before last as well.
There is nothing in the excluded service in vpn community. Both vpn
gateways anre ngx r61 gateways.  Tunnel is up and rest everything is
working.

Tcpdump output from client side:

14:16:13.921642 I client.1380 > dns server.53:  1+ PTR? Server
dns.in-addr.arpa. (40)

    0000 xxxxxxx xxxxxxxx xxxxxxxxx 02313501 .............15.
    0010 30013002 31300769 6e2d6164 64720461 0.0.10.in-addr.a
    0020 72706100 000c0001                   rpa.....

14:16:14.196917 O dns server.53 > client.1380:  1* 1/0/0 PTR dns
server4.<truncated> (80)

    0000 xxxxxxx xxxxxxxxx xxxxxxxx 02313501 .............15.
    0010 30013002 31300769 6e2d6164 64720461 0.0.10.in-addr.a
    0020 72706100 000c0001 c00c000c 00010000 rpa.............
    0030 04b0001c 08686c73 64633031 700b756b .....dns server
    0040 3336356f 66666963 6502636f 02756b00 x.co.uk.

14:16:14.198972 I client.1381 > dns server.53:  2+ A? lhrmg01p. (26)

    0000 00020100 00010000 00000000 086c6872 .............lhr
    0010 6d673031 70000001 0001              mg01p.....

14:16:14.473285 O dns server.53 > client.1381:  2 ServFail 0/0/0 (26)

    0000 00028182 00010000 00000000 086c6872 .............lhr
    0010 6d673031 70000001 0001              mg01p.....



Hello,

It looks like the dns goes fine between client and server.
I suppose lhrmg01p is the name you try to resolve.
can you at least resolve the dns server name from IP and IP from name ?
did you check the dns settings, isn't there any restriction to the client domain ? 

do you have any drop in the smartview tracker ?


Kind regards
Tauseef Khan 
Infrastructure Team
Mob: 07796447091



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to