Cisco VPN :: 5510 Unable To Resolve Server Address
Mar 27, 2011
I am using the Cisco VPN Client 5.0.06.0160 - and am having an issue connecting to my ASA 5510 via VPN. This issue is happening on 1 of our laptops. All other laptops connect just fine. So the problem is not in the ASA. I have double checked the client setup and config and it too is correct. The interesting thing is, we are connecting to an IP Address and not a host name.
I have been trying to connect to the Internet via a wireless connection but keep receiving the above error. None of the Windows solutions resolve the problem. On Google Chrome I see a screen saying 'This web page is not available', and receive 'Error 105: Unable to resolve the server's DNS address'. I cannot access Internet Explorer either.The strange this is that this problem only seems to occur with some wireless networks, as I can connect fine at home. In certain places, however, I am told that I am connected but that accss is 'Local Only', and I cannot open any browsers. I need the problem resolved as soon as possible as I cannot access the internet where I need it most.
I'm connected through the router, a few times a day I cannot open web pages, getting error: Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address.Skype continues to work. Here are the results of pinging:
Microsoft Windows [Version 6.1.7600] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:UsersSri Guru>ipconfig /all[code]....
One technician said that this is the providers problem, but I don't think so. When I restart the modem everything works.I have a Netgear WGR614 v9 router.I use ESET 5 security. Btw, connection drops on all computers connected through the router, so it's not my firewall.
My laptop is connected to a router via wifi but it keeps getting a DNS fault. I have another PC linked to the same router via WiFi and that works perfectly all the time. I have the same problem on both google chrome and IE browsers where I just get the message telling me that the DNS look up failed. My internet is still connected as I can dial into my remote CCTV cameras and I can ping website ip addresses. Most times I can just turn off my wireless adapter and turn it back on and it works for another hour or so. But sometimes it wont work all day, unless I start my laptop in safe mode, when it works everytime! I have flushed the DNS cache several times but to no avail.
I have a fixed external ip address.I have port forwarding setup for accessing a NAS inside my LAN, lets say port 12345.Now when I use my laptop outside my own LAN, e.g. 184.108.40.206:12345 resolves nicely to my NAS. But when I use the same 220.127.116.11:12345 inside my LAN, it does not resolve. Instead, it gives me a 'server takes too long to answer' error
I have also setup a virtual host to an ip cam inside my network. That one resolves just fine. I tried enabling remote management on the DIR-655 and also that works fine using 18.104.22.168:8888.When I replace the external ip address with the internal ip address of my NAS, thus bypassing port forwarding, it obviously also works ok.
Why the forwarded ports are not accessible when I use my own external fixed IP address? Does the DIR-655 treat it different than other external IP addresses?
My company recently purchased a custom domain name through In Motion Hosting (inmotionhosting.com) which has worked great up until today. As of this morning we are not able to view our webpage online (ronnysinc.com) or any inmotionhosting pages including our email accounts. However, we can view any other website and computers outside of our network seem to be able to view those pages without any problem. [code] As you can see it works fine with any other website such as google. My initial thought was it was being blocked by our firewall but when I log into the router I do not see any firewall settings that would create this block. I also tried resetting the router and flushing the DNS with no success.
I am trying to configure the ACS with AD in the identity store but am running into the following issue.I enter the AD Domain Name and username and password and hit the 'Test Connection' button and receive a DNS error stating that it 'Cannot resolve network address'.I have logged into the CLI and test to the domain name from there and it works fine.
I am running a webserver locally and I am unable to resolve it by domain name (e.g. mydomain.com) when I am inside my network. However, I am able to hit it internally (e.g. 192.168.0.10) just fine. When I try to access mydomain.com from inside my network it comes up with my Actiontec router's admin page on 192.168.1.1.Here is my configuration:Actiontec FIOS router 192.168.1.1 (connected to internet)DHCP disabled Netgear Router 192.168.1.2 is in the DMZHas cable running from Actiontec's LAN port to Netgear's WAN port[CODE]
I added a new server and created a new static NAT assignment on the ASA 5510 to the server's IP. When I browse to the web to check what public IP it's reporting, it shows the wrong IP. I disabled the network interface on the server, ran "clear xslate", reenabled the network interface, ran "sho xlate" and while the correct translation was in the table, the server still reported the wrong IP address.I even ran a packet trace and it showed the IP address being correctly translated to the proper public IP, but when I browse to the web I get the same erroneous public IP. [code]
I have a Cisco 1721 router with an ADSL wic. I have followed guides on the Cisco website so that I can connect the router to my home adsl connection. The router connects to my broadband provider and sucesfully obtains an IP address along with Dynamically assigned DNS servers. I am able to ping google.co.uk from the router but not from clients attached via DHCP.
I have noticed that if I ping the IP address of google.co.uk from a client it resolves but it will not resolve the name. This would lead me to believe that the problem lies with DNS resolution/forwarding but I do not know how to investigate further.
I am working on adding a mapping to our external address for our mail server - let's call it mail.example.com
I would like to be able to access mail.example.com internally for our user's smartphones - if they access our company WiFi they are not able to get mail using the mail.example.com as the server name in their phone setups. However, once they leave the office and use any other WiFi it works fine. Also, I am unable to ping that address from any internal device. I believe also this is the reason Exchange accounts do not work on our site to site VPN connections.
I have a ASA 5520 and work primarily in the ASDM 6.4 to do configurations in the main office and have 5510 in our site to site connections.
I randomly lost Internet connection, and since have not been able to Renew an IP address! Other people in my household can connect just fine. I've tried numerous things to get my internet back, but continue to be unsuccessful in doing so.
Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:Documents and SettingsMike>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : miker Primary Dns Suffix . . . . . . . :
I'am using ASA 5510 and I try to understand how PAT is working.I want to add a Mail Server in the LAN and a webmail using port 3000 on the server. ( webmail must be reachable from the WAN)This is my Configuration :actually LAN users access internet using NAT with one global IP ( 194.x.x.69) which is the ASA WAN interface.
WAN ----- ISP Router ---------- FW ---------- LAN -------- Mail Server + Webmail | (25) | (3000) 194.x.x.69 192.168.1.254 192.168.1.6
I need to forward port 3000 and port 25 from outside to inside.For example, from the WAN : [URL] must be redirect toward 192.168.1.6:3000 . What is the Correct Configuration ? And what about the Inside/Outside Traffic,Is there any configuration to add ?
I purchased the EA6500 a few days ago, and when I'm connected to Cisco Connect Cloud I am unable to select Folder Access / FTP Server / Media Server. I click them and nothing happens.Also, the Cisco light on the router keeps blinking.
I have a 5505 that currently has inside/outside interfaces and everything is working just fine. I am trying to create a DMZ that will essentially be just for vendors/guests. the DMZ will have full access to the outside (Internet) but no access to the inside. I am using the FW for DHCP, and 22.214.171.124 and 126.96.36.199 for DNS. I currently have 1 laptop in the DMZ vlan, and it is getting a correct IP, and it is showing 188.8.131.52 and 184.108.40.206 in ipconfig. I can ping/tracert 220.127.116.11/ 4.2. 2.2/18.104.22.168(what url... resolved to on a laptop connected to the inside vlan), but I cannot ping nor browse to url.... [code]
As far as I understand it Fault Manager need to be able to do reverse lookup for ip adresses to show the correct name in the "device name" column. I have double and tripple checked and all devices that only is shown as an ip address do have a reverse in the dns used by the LMS server. The device is correctly registered and inventory have been run. If I hold the mouse pointer over the crosshair on the row of the offending device all info is shown including correct device name and fqdn.
The server is upgraded from 4.2.1 to 4.2.2 and we have the same problem before the upgrade.
I am unfortately the only IT staff now for 100 - 150 users in my organization besides a consultant who doesn't have an answer for this issue even though he sold us the hardware and environment. While I realize that this version of the Cisco VPN doesn't support Windows 7, we do have some Windows 7 PC's that have the software and work perfectly fine upon install. In this case, I am at a remote location with both a Windows XP SP3 and Windows 7 SP1 computer. Both have the same Cisco client installed and connect to our ASA5520. I cannot get DNS resolution out of this computer to any remote network resources or other domains such as cnn.com including localhost. Adding the entries manually in the hosts file does nothing and I even tried removing the VPN client, the network connections and components and even a manual winsock reset. I cannot resolve internet DNS but can ping all internal IP addresses. The Windows XP computer across from me has no issues. I am not going to update any VPN clients as we still don't have computers who are functional so I need to spend money where it counts before I upgrade computers and I cannot perform a downgrade on this model because the previous person who bought it didn't bother to check Windows XP compatibility before they installed them in 10+ communities.
Here's my IP config - FYI all works well when not connected to the VPN for general web domains.
C:UsersAdministrator>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : GHN-Green-S01 Primary Dns Suffix . . . . . . . :
i recently get high speed link for my compagny to replace the old frame realy.the internet service provider gave me a non routable range to set on my asa like this : [code]then the ISP tell my public ip wan range was x22.214.171.124/29.i made this kind of configuration works when i put a cisco routeur in befor the cisco asa like this: [code] it is possible to make this works on cisco asa 5510 without putting a router in front ?if it works problem can happen to establishing vpn from the outside interface having a private ip ?
I am trying to perform destination NAT through a VPN tunnel.my scenario traffic coming from 172.29.11.135 needs to connect to address 192.168.1.1 from the source device traffic will have a source IP address of 172.29.11.135 destination will be 172.30.14.1 traffic will hit the asa 5510 and the traffic source will stay as 172.29.11.135 but the destination needs to change to 192.168.1.1.
I have tried the different types of NAT but been unsucessful with all. My VPN tunnel will connect if the destination address does not change (NAT Exemption used). This scenario is even possible on Cisco devices. I have seen discussion that NAT the source address but not the destination address.
example config access-list FROM_INTERNET extended permit esp any any access-list FROM_INTERNET extended permit ah any any access-list FROM_INTERNET extended permit gre any any access-list FROM_INSIDE extended permit ip host 172.29.11.135 host 172.30.14.1 access-list VPN-TUNNEL extended permit ip host 172.29.11.135 host 192.168.1.1
**I have left other config statements off as the NAT config used previous has not worked and the VPN tunnel does build when using NAT exempt.
**All ACL have been applied in the inbound direction on the respective interfaces. Two static routes have been applied to the FW directing inside traffic inbound and all unknown traffic outbound. I have not defined a specific static roule for the VPN traffic allowing the default static to perform that function.
How to configure ASA 5520 to resolve names in ASA's. We are currently using ASDM to configure network objects with the hostnames in the internet and then specifying the IP address . But this is done manually. Is there a different way of setting it up on ASA. Also when getting reports from ASA, we see the IP's but is there a way that we could add an identity to the IP's (reverse lookup)
I am having issue with my network as my router won't resolve most of the hostname of the network, I have 30 devices on my network, and only 4 names are displayed on the available local host. It makes it very difficult to identify the devices on the network.
1. I have a DSL modem + wireless + router 2. I have a Vonage phone that taps into one of the LAN ports 3. I have DIR 655 router that taps into one of the LAN ports 4. I have NAS that taps into one of the DIR 655 LAN ports 5. I have Printer that taps into one of the DIR 655 LAN ports 6. I have a BD Player that connects to DIR 655 through wireless.
All my components that are tied to DIR-655 resolve through IP address. I would like to have the resolution through host name as it works with my first router (DSL Modem / Router). Identifying components with IP address is not only inconvinient in terms of reading / recognizing my components but ther could be other issues. I am not very techie on the networking side but I do have some basic knowledge.
My Belkin router has an option to set a local domain name, which, I suspect, allows me to address hosts within my own network using this domain. By default, this is set to be "Belkin". Is it possible to call hosts within my network like this, e.g. ping foobar.Belkin instead of ping 192.168.2.4? The thing is, my routers internal page shows all set host names (so dh client seems to work) and the router itself is reachable as router.Belkin, but no other hosts are. My problem here is that the router knows each hosts name, but the hosts don't know each others name. How can I fix that?
Note: Nmap showed that port udp/53 for DNS is open on my router, but I can't find any way to configure it on the Web-interface.
We have a strange issue for one of our customers that recently migrated to our internet service.They are trying to vpn to an external ip address not controlled by ourselves. The issue is only on one subnet and isolated to Mac’s, PCs in the same subnet also work fine. They were able to vpn from the MACs before they migrated to our INET solution. They previously used a checkpoint FW for their outside NAT and firewall and now are using a failover pair of asa 5510s. I have packet traced out the firewall and there should be nothing blocked. UDP ports 500 and 4500 are open to the destination ips from the correct subnets. All other subnets with Windows PCs can vpn out to external ip without issue. The users in that subnet with the MACs can also browse internet fine so the routing and nat overloading is also ok
When they try to initiate a connection from the macs i can see the connection/xlate coming in from a source port of udp 4500/500 and also a destination of udp 4500/500 instead of a random source port. Just this evening we managed to get one device connected but no others. Would the fact that the source port is claiming 500 and 4500 stop the other macs using the same source ports at the same time to connect out? They are using the onboard mac vpn client, he can’t get the Cisco one working at the minute. [code]
I have setup a site to site VPN with an ASA 5510 (8.4) and a Cisco 2811. The tunnel is working fine, however both sites have 5 different contiguous networks. The crypto ACL between sites states only one subnet.Is it possible to state a summary address in an ACL rather than having five lines for the ACL?The tunnel works when the router uses an ACL of 10.2.200.0 0.0.7.255, however if a summary address of all the subnets on the inside network of the ASA are stated in an ACL - 10.1.200.0 255.255.248.0 - then the tunnel does not come up.Is it possible to state a summary address on a crypto ACL on the ASA?
We have an ASA5510 running version 8.25. This is in our central office in London. The London network has an ip address range of 10.110.128.0/22. Connected to this via a site-to-site VPN we have a satellite office that has an IP address range of 172.16.148.0/22.
We have now connected to our parent company via another site-to-site VPN connected to the same ASA5510. Their network has an internal range of 10.110.18.0/24. It was our parent company that issued us with our range of addresses a long while ago so that it all fits in with the rest of the company.
We have resources (web servers) on their network that we use which work just as it all should. We now want to allow our satellite office to view those same web servers. The problem is that only 10.110 addresses can flow to our parent company.
I have configured the firewall at our central office and our satellite office to route across to our parent company via our network network and the packets are flowing just fine except that obviously once they reach our firewall they cannot go to our parent company because the 172.16.148 range cannot be routed there.
My idea is to NAT traffic from our satellite office to one of our local addresses before it goes over to our parent company network.
For example: If someone in our satellite office with an IP address of 172.16.150.5 attempts to request a resource from 10.110.18.12 then the request would go via the VPN to our firewall and then get NATed to 10.110.131.200 before being passed on to our parent company network.
My question is what would the NAT configuration be to achieve this. I just cannot work out what type of NAT I would need or how to construct the command. It's probably PAT as it will be multiple addresses to a single address. Essentialy, all traffic from 172.16.148.0/22 destined for 10.110.18.0/24 should get NATed at our firewall to 10.110.131.200 before being passed on.
Just to add, we already have this working from our Cisco 3000 Concentrator which is now going to be phased out hence trying to get this to work on our ASA. The satellite office has now been moved to the ASA and as of today our parent company has been moved to the ASA.
I am using an ASA 5510 firewall in routed mode.How can I filter incoming traffic by mac address on the AS 5510 ? I have already setup a static access rule for rdp users on the outside to access a terminal server on the inside.Now, i would like to further limit access from specific computers only.
I am setting up a webserver to host our website on our local network. When I'm browsing from an external network, I can pull our website example.com and a sub domain test.example.com. However, when I'm browsing from our internal network, I cannot pull up test.example.com. I am not sure if this is due to propigation issues or what.When I do nslookup from external, it shows my network's main IP address. When I do it from local, it can't find an address and says non-existent domain.Should I have any problems connecting to my website if it is using my external IP address? Will this be a loopback problem? If so, how can I resolve this?