Question
-
Topic
-
DNS over PPTP
LockedI recently updated the PIX Firewall version on two PIX515E’s from 6.3(2) to 6.3(5). After the upgrade, a limited number of PPTP clients were no longer able to resolve internal DNS. On these hosts, all DNS queries while connected to the VPN use external DNS; despite IPCONFIG /ALL indicating otherwise. 90 percent of the PPTP clients continue to function as expected, using internal DNS, as defined in VPDN GROUP config.
Also, the affected clients only exhibit this behavior while behind a Belkin or NetGear router. No issues exist on these same clients while using Mobile Broadband or LinkSys routers.
All PPTP clients are configured to use Default Gateway on Remote Network.
Any help would be greatly appreciated!
RELEVANT CONFIG:
name 172.21.1.1 dca
name 172.21.1.2 dcbip address site 204.120.x.x 255.255.255.248
ip address inside 172.21.0.4 255.255.240.0ip local pool vpn-a.pool 192.168.101.1-192.168.101.62
sysopt connection permit-pptp
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication pap
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe 40
vpdn group PPTP-VPDN-GROUP client configuration address local vpn-a.pool
vpdn group PPTP-VPDN-GROUP client configuration dns dca dcb
vpdn group PPTP-VPDN-GROUP client authentication aaa RADIUS
vpdn group PPTP-VPDN-GROUP client accounting RADIUS
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn enable site
