Hello everybody,
I have a Fortigate F60 device (v 7.2.10).
This Fortigate is implementing a conditional DNS for the Wi-Fi interface.
For some internal domain, I registered some DNS records:
192.168.1.1 is the router address.
Normally, everything works fine. If I try to ping one of the registered names (for example vpn.xxx.com):
10.1.0.1 replies to the echo request. 10.1.0.1 is the Fortigate address.
These are my network settings:
So far, so good. Now I try to connect via Cisco Secure Client to a VPN.
Regarding network settings, nothing has changed. My address is the same, Router address is the same, DNS address is the same. The interface is the same, so, if I ping the same address as before, I expect 10.1.0.1 to answer (as before), but now:
79.9.x.x is replying. Who is 79.9.x.x? It is the Fortigate WAN interface:
And the domain vpn.xxxx.com, if I put it into the browser, is not reachable anymore, because I think DNS is not functioning correctly. What am I missing?
Thank you for your support!
VPN clients often get a different DNS server IP assigned from their server. Are you sure this is not happening to you when you connect with the Cisco client?
Try checking what's your current DNS server. In Windows you can do "nslookup vpn.yourdomain.com" and it will print out both the IP of the DNS server and the resolved IP for that domain. As far as I know, Macbooks should be able to do the same.
It's correct, I verified with nslookup. These are the results:
In VPN:
raffaeledipascale@MacBook-Pro-DiPascale ~ % nslookup vpn.x.com
Server: 10.20.10.115
Address: 10.20.10.115#53
Non-authoritative answer:
Name: vpn.x.com
Address: 79.9.x.x
raffaeledipascale@MacBook-Pro-DiPascale ~ % nslookup vpn.x.com
Server: 10.1.10.1
Address: 10.1.10.1#53
Name: vpn.x.com
Address: 10.1.0.1
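
The comparison made in this thread (same name, different resolver once the VPN client is connected), as an added example that is not part of the original posts: it parses two nslookup transcripts and reports whether the resolver changed and whether an internal answer was replaced by a public one. The transcripts are constructed; vpn.example.com and 203.0.113.10 are placeholders for the values redacted in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed transcripts in the nslookup layout posted in the thread.
# vpn.example.com and 203.0.113.10 are placeholders for the redacted values.
OFF_VPN = """\
Server:   10.1.10.1
Address:  10.1.10.1#53

Name:     vpn.example.com
Address:  10.1.0.1
"""
ON_VPN = """\
Server:   10.20.10.115
Address:  10.20.10.115#53

Non-authoritative answer:
Name:     vpn.example.com
Address:  203.0.113.10
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    """True for RFC 1918 addresses (is_private would also match 203.0.113.0/24)."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def parse_nslookup(text):
    """Return (resolver_ip, [answer_ips]) from one nslookup transcript."""
    resolver, answers, expect_resolver = None, [], False
    for line in text.splitlines():
        m = re.match(r"\s*(Server|Address):\s*(\S+)", line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Server":
            expect_resolver = True          # next Address line names the resolver
        elif expect_resolver:
            resolver, expect_resolver = value.split("#")[0], False
        else:
            answers.append(value)           # later Address lines are the answers
    return resolver, answers

def compare(before, after):
    """Summarise how the resolver and its answers changed between two captures."""
    (r1, a1), (r2, a2) = parse_nslookup(before), parse_nslookup(after)
    return {"resolvers": (r1, r2), "resolver_changed": r1 != r2,
            "answers_changed": set(a1) != set(a2),
            "lost_internal_answer": any(map(is_internal, a1))
                                    and not any(map(is_internal, a2))}
```

Calling `compare(OFF_VPN, ON_VPN)` on captures taken before and after connecting shows at a glance that the VPN-pushed resolver, not the Fortigate, is answering for the internal name.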