Fortinet Forum
Lmelim
New Contributor II

DNS Resolutions across VPN

Hey

I have an IPsec VPN LAN-to-LAN up and running, but I can't ping servers on the other side by name... I can only ping by IP.

I tried to follow the tech note below, but the command SET DOMAIN is not available on my FortiGate 7.0.3.
https://community.fortinet.com/t5/FortiGate/Technical-Note-DNS-resolution-over-IPsec-SSL-VPN/ta-p/19...

How can I resolve names across an IPsec VPN?

btan
Staff

Hi Lmelim,

As per the KB: the set domain command is available only when mode-cfg is enabled.
Hence, you may need to "set mode-cfg enable" first.

Refer: https://docs.fortinet.com/document/fortigate/7.0.3/cli-reference/371620/config-vpn-ipsec-phase1-inte...

Regards,
Bon
Lmelim
New Contributor II

Hey

Even after issuing the command SET MODE-CFG ENABLE, SET DOMAIN is still not available.
Is this command only available for remote-access IPsec VPN, or is it also available for site-to-site IPsec VPN?
I can't make my DNS resolution work.

kcheng
Staff

The respective configuration only works for a dynamic (dialup) VPN tunnel. If you have a site-to-site VPN configuration, it is not possible to set the domain. From where do you want to ping the remote site server? If it is the FortiGate itself, you can change the DNS setting on the FortiGate. If you are trying to ping from internal hosts, check whether they are configured with an internal DNS server that can resolve the server names on the remote network.

Cheers,
Kayzie Cheng
Lmelim
New Contributor II

Hey

I found the solution.
It was the DNS filter enabled on the VPN firewall rule that somehow was blocking DNS responses...
Once it was disabled, DNS resolution started to work fine.
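Putting the thread's findings into FortiOS CLI form, as an added example that is not part of the original thread: the site-to-site policy with a DNS filter profile attached beside the corrected policy, a sniffer check to confirm DNS replies cross the tunnel, and the dialup-only phase1 setting the KB refers to. Interface, address, policy and tunnel names are assumptions.

```fortios
# Site-to-site policy as it was likely configured: a DNS filter profile is
# attached, so DNS replies from the remote site's internal DNS server are
# subject to filtering. Interface and address names are assumptions.
config firewall policy
    edit 10
        set name "lan-to-remote-site"
        set srcintf "port2"
        set dstintf "site-b-vpn"
        set srcaddr "lan-local"
        set dstaddr "lan-remote"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set dnsfilter-profile "default"
        set ssl-ssh-profile "certificate-inspection"
    next
end

# Corrected policy: the DNS filter is removed from the VPN policy only.
# Keep it on the Internet-bound policy, where external resolvers are queried.
config firewall policy
    edit 10
        unset dnsfilter-profile
    next
end

# Check: capture DNS traffic on the tunnel interface while a LAN host queries
# the remote DNS server. Queries without matching replies point at filtering
# or routing on the FortiGate rather than at the DNS server itself.
diagnose sniffer packet site-b-vpn 'udp port 53' 4 10 l

# For comparison, the "set domain" option from the KB only appears under a
# dialup (type dynamic) phase1 with mode-cfg enabled; it pushes a DNS suffix
# to remote-access clients and does not apply to a site-to-site tunnel.
config vpn ipsec phase1-interface
    edit "dialup-vpn"
        set type dynamic
        set mode-cfg enable
        set domain "corp.example"
    next
end
```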