DNS Using an Azure Point to Site VPN from my desktop. (DNS Private Zones)

  • #179301

    Participant

    I have a point to site VPN set up into a hub and spoke designed private network.

    In the routing tables on my desktop, I can see all the networks of the hub and the spokes.

    I cannot ping any of these servers with the FQDN. I can ping with the IPs.

    If I ssh onto a server in the hub, I can ping all the servers using the FQDNs.
    In other words, I am getting DNS resolution from a server on the private network, but not from my desktop, which is connected via VPN.

    Any idea how I can get this to work from my desktop across the VPN in Azure?
    Am I supposed to be able to access the Azure DNS Private Zones, or DNS for my networks in Azure?
    If so, how do I make it work?

    PS C:\> ping cnt-inbound-01.prod.dom.local                               
    Ping request could not find host cnt-inbound-01.prod.dom.local. Please check the name and try again.
    PS C:\> nslookup cnt-inbound-01.prod.dom.local                            
    Server:  UnKnown
    Address:  192.168.1.1 
  • #179307

    Participant

    This definitely looks like a name resolution problem (i.e. not really a PowerShell problem). If I VPN into the site of my servers, the VPN connection gives me the IP address of a DNS server that can resolve internal names. I assume that is not the case for your VPN connection; maybe you should discuss this with the admin of the server/device that provides the VPN connection?

    Regards,

    Kris.

  • #179400

    Participant

    Have you verified the network security groups are configured to allow you to access from the VPN? I agree with Kris, you would need to speak with the admin for your Azure Tenant/Subscription to verify ACLs (network security groups) are configured to allow connection from the VPN connection.

     

     

  • #179718

    Participant

    We are talking specifically about Azure Point to Site VPN; it is a product provided by Azure. So I am looking for someone who knows how this is supposed to work. I have complete control over the environment. The way it works is that once you have configured your different networks and configured peering between the networks, you download a VPN client from the Network Gateway that enables you to connect and puts a dll on your workstation that configures all the routing tables so you can access everything via IP. I have added DNS Private Zones, which is new to Azure. Each zone has links to the other zones so they can resolve FQDNs from each server to each network. I want to know if it is supposed to work over the VPN. If so, how do I make it work? I have coded out standing up all of this with PowerShell. But yes, it is an Azure question. I see one article out there where it says you have to download the VPN client after the DNS configuration; I have done that with no effect.
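
Added example, not part of the thread: a PowerShell check for the point raised in the first reply, namely whether the VPN connection hands the desktop a DNS server that can resolve the internal names. It queries the FQDN from the original post against every DNS server configured on each local interface; nothing else about the environment is assumed.

```powershell
# Added diagnostic example (not code from the thread).
# FQDN taken from the original post; replace with any name in the private zone.
$name = 'cnt-inbound-01.prod.dom.local'

# IPv4 DNS servers per interface. A connected VPN adapter shows up here with
# its own server list if the VPN profile supplied one. In the original post,
# nslookup went to 192.168.1.1, so that is the resolver to look for here.
$dnsByInterface = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

# Ask each configured server directly, bypassing the hosts file, LLMNR and
# NetBIOS, so the result reflects DNS only.
$results = foreach ($if in $dnsByInterface) {
    foreach ($server in $if.ServerAddresses) {
        $answer = Resolve-DnsName -Name $name -Type A -Server $server `
                      -DnsOnly -NoHostsFile -QuickTimeout `
                      -ErrorAction SilentlyContinue |
                  Where-Object { $_.IPAddress }   # keep address records only

        [pscustomobject]@{
            Interface = $if.InterfaceAlias
            DnsServer = $server
            Resolved  = [bool]$answer
            Address   = ($answer.IPAddress -join ', ')
        }
    }
}

$results | Format-Table -AutoSize

# Summary: does any resolver this desktop is configured with know the name?
if (-not ($results | Where-Object Resolved)) {
    Write-Warning "No DNS server configured on this machine resolves $name."
}
```

Run it once with the VPN disconnected and once connected; comparing the two tables shows whether connecting adds a DNS server at all, and whether that server answers for the private name.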
