
DNS Not working through ipsec VPN

I have a Sophos XG 85 v17 with a site-to-site VPN running to a Ubiquiti UDM Pro. The tunnel is working great despite DNS not resolving from either end through the tunnel. The XG subnet is 10.10.10.0/24 and the Ubiquiti subnet is 10.0.0.0/24. I can ping in both directions just fine but I cannot ping any DNS on the opposite side of the tunnel. The only way I have been able to accomplish it is by adding a record to the local hosts file on the Windows machines and that is just not the way to accomplish this. So does anyone know how to actually accomplish this? I've tried adding a DNS host record on my Sophos but that didn't work.

Device to ping pinas on the Ubiquiti UDM Pro with IP of 10.0.0.2

Device to ping dmx on the Sophos XG 85 with IP of 10.10.10.240



  • Solution
    If DNS is not working through IPsec VPN, check the following steps:

    1) Make sure the DNS server is set properly when configuring SSL or IPsec VPN. In this example a server .abcd.local which resolves to 10.1.2.3 will be used.
    2) Make sure you are able to ping using the IP address: ping 10.1.2.3.
    3) Confirm you can ping using the FQDN: ping server.abcd.local.
    4) Check whether you can ping using the hostname: ping server. If not, add the suffix to the SSL and IPsec VPN configuration.
    5) Configure the DNS suffix in the SSL and IPsec VPN configuration.

    For SSL VPN.
    # config vpn ssl settings
    (settings) set dns-suffix abcd.local
    (settings) end
    For IPsec VPN.
    # config vpn ipsec phase1-interface
    (phase1-interface) edit <VPN TUNNEL NAME>
    (VPN TUNNEL NAME) set domain abcd.local
    (VPN TUNNEL NAME) end

    Regards,

    Rachel Gomez
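
The check order from steps 2 to 4 of the reply above, written as a script that names the stage that fails. This is an added example, not part of the original reply; `diagnose` and its stage labels are hypothetical names, and the sample values are the ones used in the reply.

```python
import socket
import subprocess
import sys


def ping(ip):
    """Send one ICMP echo with the system ping; True if it exits with 0.
    Note: Windows ping can exit 0 on 'Destination host unreachable'."""
    count_flag = "-n" if sys.platform.startswith("win") else "-c"
    result = subprocess.run(["ping", count_flag, "1", ip],
                            stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def resolve(name):
    """Resolve through the OS resolver, so the configured DNS server and
    suffix search list are used. Hosts-file entries also satisfy this
    lookup, so remove any manual entries before testing."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def diagnose(ip, fqdn, ping_fn=ping, resolve_fn=resolve):
    """Walk the ladder: IP reachability, FQDN lookup, short-name lookup."""
    if not ping_fn(ip):
        return "tunnel: no reply from the IP; routing or firewall, not DNS"
    if ip not in resolve_fn(fqdn):
        return "dns-server: FQDN does not resolve to the expected IP"
    short = fqdn.split(".", 1)[0]
    if ip not in resolve_fn(short):
        return "dns-suffix: FQDN resolves but the short name does not"
    return "ok"


if __name__ == "__main__":
    # Sample values taken from the reply; replace with a host across the tunnel.
    print(diagnose("10.1.2.3", "server.abcd.local"))
```
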
