Question

  • #2226472

    DNS over PPTP

    Locked

    by mjfera

    I recently updated the PIX Firewall version on two PIX515Es from 6.3(2) to 6.3(5). After the upgrade, a limited number of PPTP clients were no longer able to resolve internal DNS. On these hosts, all DNS queries while connected to the VPN use external DNS, despite IPCONFIG /ALL indicating otherwise. 90 percent of the PPTP clients continue to function as expected, using internal DNS, as defined in the VPDN GROUP config.

    Also, the affected clients only exhibit this behavior while behind a Belkin or NetGear router. No issues exist on these same clients while using Mobile Broadband or LinkSys routers.

    All PPTP clients are configured to use Default Gateway on Remote Network.

    Any help would be greatly appreciated!

    RELEVANT CONFIG:

    name 172.21.1.1 dca
    name 172.21.1.2 dcb

    ip address site 204.120.x.x 255.255.255.248
    ip address inside 172.21.0.4 255.255.240.0

    ip local pool vpn-a.pool 192.168.101.1-192.168.101.62

    sysopt connection permit-pptp

    vpdn group PPTP-VPDN-GROUP accept dialin pptp
    vpdn group PPTP-VPDN-GROUP ppp authentication pap
    vpdn group PPTP-VPDN-GROUP ppp authentication chap
    vpdn group PPTP-VPDN-GROUP ppp authentication mschap
    vpdn group PPTP-VPDN-GROUP ppp encryption mppe 40
    vpdn group PPTP-VPDN-GROUP client configuration address local vpn-a.pool
    vpdn group PPTP-VPDN-GROUP client configuration dns dca dcb
    vpdn group PPTP-VPDN-GROUP client authentication aaa RADIUS
    vpdn group PPTP-VPDN-GROUP client accounting RADIUS
    vpdn group PPTP-VPDN-GROUP pptp echo 60
    vpdn enable site
