AnsweredHot!resolve hostname and ip address in vpn site to site

Author
Cruz2019
New Member
  • Total Posts : 18
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/20 13:59:23
  • Status: offline
2021/08/24 12:19:42 (permalink) 6.4
0

resolve hostname and ip address in vpn site to site

Hi, I have a site-to-site vpn set up between 2 fortigates:
Site A Fortigate 300E and site B Fortigate 60F, and I was able to fill the vpn and the communication between both sites.
When I connect to a computer at site A from site B I can do it without problems through the IP, but for security reasons I want them to be able to communicate through the host name.
In site A all my computers belong to a domain (mycompany.com.mx) but in my site B the computers are not within a domain.
Is it possible to get site B computers to access site A computers by hostname and not just by IP?
I hope you can help me
Thank you
#1
bhuo
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2021/05/24 19:19:05
  • Status: offline
Re: resolve hostname and ip address in vpn site to site 2021/08/25 22:38:39 (permalink)
0
Hi,
 
Site B computers need to be able to access a none domain joined DNS server via s2s VPN.
For example if you are able to add those A records to Fortigate and set up Fortigate address as DNS address for Site B computer to use, it may solve your case, good luck.
 
Thanks,
 
BH
#2
ac
Bronze Member
  • Total Posts : 36
  • Scores: 4
  • Reward points: 0
  • Status: offline
Re: resolve hostname and ip address in vpn site to site 2021/08/26 00:54:33 (permalink) ☼ Best Answerby Cruz2019 2021/08/26 08:25:38
5 (1)
You have two ways:
  1. Configure the DHCP in site B with DNS from the domain A - in this case any DNS request go through the tunnel VPN. In site A you must add the network of site B to AD Site and Services.
  2. Configure the DHCP in site B with DNS the FGT B - Enable the relay DNS for the request with domain mycompany.com.mx to the DNS in site A
    1. Enable DNS Server in FGT B (System > Feature Visibility > Additional Features > DNS Database)
    2. From Network > DNS Servers configure DNS Zone with domain name .com.mx, enable DNS Forwarder and set ip of DNS in site A
    3. Select in DHCP Server DNS Server "Same as interface IP"
#3
Cruz2019
New Member
  • Total Posts : 18
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/20 13:59:23
  • Status: offline
Re: resolve hostname and ip address in vpn site to site 2021/08/26 08:29:06 (permalink)
0
In my site B, I have an interface such as LAN 192.168.xx.xx, and within this same interface I have created a VLAN (172.16.xx.xx) to all the equipment in site B I assigned a fixed IP of this VLAN, then Is it necessary to change this VLAN so that it assigns DHCP to the computers and put the DNS of missite A?
#4
ac
Bronze Member
  • Total Posts : 36
  • Scores: 4
  • Reward points: 0
  • Status: offline
Re: resolve hostname and ip address in vpn site to site 2021/08/26 08:43:02 (permalink)
1 (1)
if you have assigned the static ip you must modify manually the dns of clients with DNS Server of site A.
#5
Cruz2019
New Member
  • Total Posts : 18
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/20 13:59:23
  • Status: offline
Re: resolve hostname and ip address in vpn site to site 2021/08/26 08:52:57 (permalink)
0
If I assign DNS from site A to the computers from site B, internet access is lost, right now I have them configured with google DNS 8.8.8.8 and 8.8.4.4 and in this way they give me internet access and I also have access to the computers of my site A but through IP and what I want is to be able to access through the name of the computers.
#6
ac
Bronze Member
  • Total Posts : 36
  • Scores: 4
  • Reward points: 0
  • Status: offline
Re: resolve hostname and ip address in vpn site to site 2021/08/26 08:58:19 (permalink)
5 (1)
Have you created a policy in firewall B and firewall A to be able to pass DNS traffic?
The VPN Phase 2 have the subnet for reach DNS Servers?
The routing to VPN in both side is ok? 
 
#7
Cruz2019
New Member
  • Total Posts : 18
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/20 13:59:23
  • Status: offline
Re: resolve hostname and ip address in vpn site to site 2021/08/27 08:32:51 (permalink)
0
I have the corresponding policies and I have phase 2 configured to access my DNS from site A, in the static routes I have doubts.
In my site B I have 3 static routes, one I have as a destination my DNS and another subnet that I want to access, and one towards the internet, but in site A I do not have these policies
#8
ac
Bronze Member
  • Total Posts : 36
  • Scores: 4
  • Reward points: 0
  • Status: offline
Re: resolve hostname and ip address in vpn site to site 2021/08/27 08:49:56 (permalink)
5 (1)
In site A you must have a route like this:
Destination: subnet B
Gateway: VPN Site to Site to B (Interface VPN)
Distance: 10
Status: Enabled
 
Without this route the DNS Server does not respond to client in site B.
#9
Cruz2019
New Member
  • Total Posts : 18
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/20 13:59:23
  • Status: offline
Re: resolve hostname and ip address in vpn site to site 2021/08/27 09:01:03 (permalink)
0
I will make these changes and share the results.
#10
Jump to:
© 2021 APG vNext Commercial Version 5.5