
We have persistent IPSec tunnels on my firewall to two remote offices.

When users from those offices visit, what exactly would I need in order to get their RDP shortcuts to resolve over the tunnels? Their VPN clients are functioning on their machines, but obviously the IPs attached to the RDP shortcuts are not resolving to machine names.

lxlxlxl
  • From the sound of things, lack of documentation seems to have more to do with this problem than any idiocy on your part. – Kara Marfia Jan 18 '10 at 21:40

1 Answer


EDIT: I later realized that I completely missed the obvious in this scenario. This isn't a DNS problem as much as it is a routing issue. lxlxlxl, you made mention of using VPN clients internally. That puzzles me as it would seem from your initial posting that VPN clients are unnecessary in this situation. Could you explain more about the use of VPN clients?

Ultimately, routing information needs to be input into the point-to-point VPN devices so that network traffic can be moved between subnets. FYI, DNS info can be shared between domains. End Edit

If I'm understanding your scenario correctly, simply using DNS for the RDP shortcuts' target would take care of everything... as long as your DNS was properly delegated and propagated.

Set up DNS right and this problem and probably a few more will go away.

Wesley
  • Thanks NP. I was unclear about something important, which is that we are all on three different domains. There isn't actually a shared DNS environment. The problem that I have trouble getting my head around is the use of the VPN clients internally when these IPsec rules exist on the PIX firewall... – lxlxlxl Jan 18 '10 at 16:42
  • Being on three different domains doesn't mean that the individual networks can't route between each other, and the presence of the IPsec rules on the PIX indicates that there is an intention to route _something_ between them. Can you ping the IP addresses of systems on one of the remote domains from a standard machine in the main office? If so then I think NP's bang on target. – Helvick Jan 18 '10 at 18:51
  • I just took over at this shop, and the remote sites are in vastly different global time zones, thus the lack of information and clarity on my part when asking the question. Waiting to hear from admins from the other sites and I'll post the solution / fix here. – lxlxlxl Jan 18 '10 at 19:55
  • FYI, the issue was additional firewall rules at the other offices to block traffic for only specific IP addresses... – lxlxlxl Jan 25 '10 at 18:53