How to access A-records defined on a server on the other side of my VPN connection?

1

So I'm not very savvy when it comes to Windows networking, but hopefully I can explain my problem clearly.

I have a VPN connection to my office network. The VPN connection appears to work fine as it connects and logs me in successfully. In the connection box I have to provide a domain and my username to log in.

Once the VPN is connected I am then able to ping my office computer as if I was on the same network. That is great. The problem is that there is a server on that network that defines a bunch of A records for web applications we are working on and I can't seem to hit any of those from my home computer, even though I can at work. If I remote into the office PC and navigate to these addresses they work fine.

I also know that my co-worker can hit these A records from home so it has to be something I'm doing wrong. Here's a better example:

My office PC has IIS setup to host three different websites.

  • Website1 is the default website that is hit when you just navigate to the computer's name, "http://aford/".
  • Website2 is bound to a hostname and is only hit when hit via the A record "http://aford-website2/".
  • Website 3 is bound to a hostname and is also only hit via an A record, "http://aford-Website3/".

I can hit Website1 from my home PC by navigating to the address of the office PC. I cannot hit the other two websites because the route is somehow not making it to the server that defines those A records I assume.

Here is a list of local IP addresses on the office network:

Name: techserv
Local IP: 192.168.0.160
Job: hosts the A records

Name: aford
Local IP: 192.168.0.29
Job: My office PC, hosting the three web applications.

Default gateway: 192.168.0.1

Here is a list of local IP addresses on my home network:

Name: alex-pc
Local IP on VPN connection: 192.168.0.205
Local IP on home router: 192.168.1.2
Job: My home PC, the one connecting to the VPN.

Default gateway on home network: 192.168.1.1

IPconfig lists default gateway for VPN as 0.0.0.0

If I manually edit my home PC's hosts file and put in the A record myself and point it to my office PC's local IP while connected to the VPN, then I can hit the other two websites bound to those host names.

So I am definitely unable to hit the A records defined on the other side for whatever reason. Here are a few screen shots of some configuration screens for my VPN. Maybe you guys can correct me somewhere.

Security Tab:


Advanced IP settings:


Advanced DNS settings:


Advanced WINS settings (I really have no clue what this tab is):


Update

If I do a tracert from my home pc to my office pc, I see that it first hits "techserv" then "aford". Techserv is where those A records are defined. I am pretty confused :/

Chev

Posted 2011-06-20T18:12:52.800

Reputation: 343

Quite... involved! A lot to read through/get my head around... As your co-worker can access the sites, is it possible for you to both do an ipconfig /all, followed by nslookup aford and nslookup aford-website2, then put the results at the end of your answer... this should help me (and others) a bit better in order to help you. – William Hilsum – 2011-06-20T18:22:19.863

Yeah sorry, I have been spending a lot of time today trying to get this working. I didn't want to miss anything. Unfortunately at the moment I am the only one on the VPN. It's actually rare for us to use the VPN. – Chev – 2011-06-20T18:41:44.833

Answers

1

You probably are not resolving to the right DNS server. It is probably resolving to one on the Internet. To resolve this, in Windows 7, go to:

Control Panel>Network and Sharing Center>Change adapter settings>Advanced>Advanced Settings and move "(Remote Access connections)" to the top, and give that a try (you may need to reconnect). By moving this to the top of the list, you will then be using the DNS server associated with the VPN connection, and be able to resolve anything that it can resolve.

This assumes that your work VPN server is also giving you a DNS server to use. If not, ask what it is (or you can just get it by doing an ipconfig /all on your work computer), and enter it manually as a DNS server for this connection.

KCotreau

Posted 2011-06-20T18:12:52.800

Reputation: 24 985

I get as far as Control Panel>Network and Sharing Center>Change adapter settings but then there is no such thing as "advanced". All I see are my network adapters. – Chev – 2011-06-20T18:35:40.160

This does sound like what I want, if I could just find the screen you are talking about. They do define a DNS server to use. – Chev – 2011-06-20T18:44:18.233

Sorry, I keep my menus exposed by default... You can hold the ALT key down to expose them. You should be able to proceed from there. – KCotreau – 2011-06-20T19:04:22.240

@Chevex In the future, to expose the menus permanently, you can click Organize>Layout>Menu bar. – KCotreau – 2011-06-20T19:27:05.037

Thank you for all the help. The problem turned out to be a DNS suffix thing. Not exactly sure what that is but I was able to get it working. – Chev – 2011-06-20T20:10:39.587

0

After much playing around I discovered that it was the DNS suffix. I don't really know what that is, but an ipconfig /all revealed that my office PC had one. I copied that into the "DNS suffix for this connection" box and then all started working.


While I'm glad I got it working, would anybody care to give me a brief explanation or link me to some materials that explain what a DNS suffix is? I appreciate it. Thank you guys for all the help!

Chev

Posted 2011-06-20T18:12:52.800

Reputation: 343

First, did you ever try my solution? That would probably have also given you the suffix automatically. What the suffix is is that when you ping "testcomputer", it is really pinging testcomputer.yourlocaldomain.com (which can also be your local computer name, if not on a domain). Pinging testcomputer alone is not really a complete identifier, so it needs to append the suffix automatically behind the scenes. So if you want it to check more than X.yourlocaldomain.com, you can add other domain suffixes it will try to resolve against. – KCotreau – 2011-06-20T20:18:35.620

Yes I did try your solution and it did not work; I put remote access connections at the top of the list. Thank you for the explanation though, that makes sense. – Chev – 2011-06-20T20:22:15.257

They must not have the domain configured as a DHCP option when handing out your VPN IP address. When connected, if you do an ipconfig /all, you should see "Connection-specific DNS Suffix . : workdomain.com" for that to work. I just looked at one of my VPN connections, and it is there, so I can resolve names without adding the DNS suffix as you did....but that is a setting IT has to make. – KCotreau – 2011-06-20T20:27:37.223

Gotcha, that makes sense. – Chev – 2011-06-20T21:13:37.210
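
Added example, not part of the original thread: a Python sketch that parses `ipconfig /all` output to flag adapters that were given a DNS server but no "Connection-specific DNS Suffix" (the condition described in the comments above), and shows the fully qualified name a short name becomes once a suffix is set. The sample output, the DNS server values and the suffixes `office.example` and `home.example` are constructed placeholders, and the suffix expansion is a simplified model.

```python
import re

# Constructed `ipconfig /all` excerpt (not from the thread). Suffixes and the
# DNS server values are placeholders chosen for illustration.
SAMPLE = """\
PPP adapter Office VPN:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.0.205(Preferred)
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.0.160

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home.example
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# "   Label . . . . : value" -> (label, value); the first colon is the separator.
FIELD = re.compile(r"\s+([^.:]+?)[ .]*:\s*(.*)$")
SUFFIX_KEY = "Connection-specific DNS Suffix"


def parse_adapters(text):
    """Map each adapter heading to its {field: value} pairs."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current[m.group(1).strip()] = m.group(2).strip()
    return adapters


def adapters_missing_suffix(text):
    """Adapters that were handed a DNS server but no suffix to append."""
    return [name for name, f in parse_adapters(text).items()
            if f.get("DNS Servers") and not f.get(SUFFIX_KEY)]


def qualified_names(short_name, suffixes):
    """Simplified model: FQDNs formed by appending each non-empty suffix."""
    if "." in short_name:          # already qualified, nothing to append
        return [short_name.rstrip(".")]
    return [f"{short_name}.{s}" for s in suffixes if s]


if __name__ == "__main__":
    for name in adapters_missing_suffix(SAMPLE):
        print(f"{name}: no connection-specific DNS suffix")
    print(qualified_names("aford-website2", ["office.example"]))
```

An empty result from `qualified_names` means no suffix was available, so the short name never becomes a name the office DNS server holds an A record for.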