Hi All,
Have the below setup. The VPN is established and the laptop can ping all the servers, including the DNS server 12.12.12.34 and all other servers behind the CheckPoint firewall. However, when trying to reach (ping) those same servers using their DNS/hostname, it fails; nslookup does not work for that DNS server 12.12.12.34 from the laptop either. This DNS server resolves fine for other networks connected via another VPN.
Laptop can ping the DNS server and CheckPoint has any/any rule to allow DNS queries.
The Meraki doesn’t have any firewall rules configured, is there something obvious I should be looking for on either side?
If other suggestions haven’t fixed it already, look at the DNS metric on your VPN tunnel.
Somewhere under TCP/IP settings, Advanced I think.
May also want to set the DNS suffix in the same place.
We occasionally have to do this for seemingly random machines - it’s not universal.
@minnesooota Nice, thank you, this fixed my issue.
We had this problem when we upgraded to 15.42. Took a month working with support. Turns out that I had enabled Umbrella somehow in the general section and it was sending all DNS queries to that. Umbrella wasn’t set up, so the packets were getting dropped when it went back into our MX. We disabled the Umbrella integration and boom, internal DNS began working again.
Not sure if this is the same situation but it sounds similar. Best of luck!
Thank you for the suggestion.
Where would I look at these DNS settings, on the Meraki Dashboard VPN itself? I cannot find anything under Site-to-Site VPN > Non-Meraki VPN peer section…
On the Windows client, unfortunately. It’s not a Meraki setting. It’s down to how Windows 10 ‘automatically’ works out which DNS settings to use.
Your wired/wifi network adapter will have some DNS settings, probably via DHCP, and your VPN tunnel adapter will have its own.
If my suggestion is right, Windows is choosing the wrong set. (I don’t use Linux so no idea if it has equivalent issues.)
Altering the metric (set the VPN to a lower number) forces Windows to try the VPN DNS server first.
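The metric and suffix change described in the reply above, as an added PowerShell example that is not part of any poster's message. It first queries the DNS server directly, because a failure there points at the path (for example the Umbrella redirection mentioned earlier in the thread) rather than at Windows' adapter ordering. The adapter alias, test hostname and suffix are placeholders; only 12.12.12.34 comes from the thread.

```powershell
# Run in an elevated PowerShell session on the Windows client.
# Assumed placeholders: replace with your own values.
$VpnAlias  = 'VPN Tunnel'             # hypothetical adapter name, see Get-NetAdapter
$DnsServer = '12.12.12.34'            # internal DNS server from the thread
$TestName  = 'server01.corp.example'  # placeholder internal hostname
$DnsSuffix = 'corp.example'           # placeholder DNS suffix

# 1. List connected IPv4 interfaces, lowest metric first, with their DNS servers.
$ifs = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
       Sort-Object InterfaceMetric
$ifs | ForEach-Object {
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                -AddressFamily IPv4).ServerAddresses
    [pscustomobject]@{
        Alias      = $_.InterfaceAlias
        Metric     = $_.InterfaceMetric
        AutoMetric = $_.AutomaticMetric
        DnsServers = $dns -join ', '
    }
} | Format-Table -AutoSize

# 2. Ask the internal DNS server directly, bypassing adapter ordering.
#    If this fails, the metric is not the cause: check what happens to
#    UDP/TCP 53 on the path between the client and the server.
try {
    Resolve-DnsName -Name $TestName -Server $DnsServer -DnsOnly -ErrorAction Stop
} catch {
    Write-Warning "Direct query to $DnsServer failed: $($_.Exception.Message)"
    return
}

# 3. Direct query works, so make the VPN adapter the preferred one:
#    give it a metric below every other connected interface.
$lowest = ($ifs | Where-Object InterfaceAlias -ne $VpnAlias |
           Measure-Object InterfaceMetric -Minimum).Minimum
$newMetric = [int][Math]::Max(1, $lowest - 1)
Set-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily IPv4 `
    -AutomaticMetric Disabled -InterfaceMetric $newMetric

# 4. Set the connection-specific DNS suffix on the same adapter.
Set-DnsClient -InterfaceAlias $VpnAlias -ConnectionSpecificSuffix $DnsSuffix

# 5. Flush cached negative answers and retest through the normal resolver.
Clear-DnsClientCache
Resolve-DnsName -Name $TestName
```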
Thank you, that is a great idea to look at!