
Cisco Anyconnect local users not getting dns assigned to pool

Jeffrey Jones
Level 5

We have a customer that is trying to get emergency client VPN set up and purchased an additional ASA 5508-X just for VPN connectivity.
The IP pool is working just fine; however, DNS server IP addresses are not populating into the client.

The customer needs all users to route through the VPN to get back to the Internet; that is also not working.

Any help would be greatly appreciated.

 

2 Replies

Hi,

You would define the DNS server under the group-policy, e.g.:

group-policy RAVPN_GP attributes
 dns-server value 192.168.10.5

Check your group-policy configuration and ensure the users are actually receiving the group-policy: "show vpn-sessiondb detail anyconnect" - run this command when a user is logged in to the VPN.

Upload your configuration if you need further assistance and the output of "show vpn-sessiondb detail anyconnect".

 

HTH 

Cristian Matei
VIP Alumni

Hi,

 

Ensure your group-policy configuration is similar to the following. The first option has Local LAN Access enabled; the second option does not allow Local LAN Access:

FIRST:

access-list TEST standard permit host 0.0.0.0
!
group-policy TEST internal
group-policy TEST attributes
 dns-server value 1.1.1.1 2.2.2.2
 split-tunnel-policy excludespecified
 split-tunnel-network-list value TEST
 split-tunnel-all-dns enable

SECOND:

group-policy TEST internal
group-policy TEST attributes
 dns-server value 1.1.1.1 2.2.2.2
 split-tunnel-policy tunnelall
 split-tunnel-all-dns enable

1. Ensure that traffic between your internal resources and the VPN client pool is exempted from NAT:

nat (inside,outside) 1 source static INTERNAL_LAN INTERNAL_LAN destination static VPN_POOL VPN_POOL no-proxy-arp

2. If you want to allow Internet access through the VPN tunnel, through the same device that terminates the VPN tunnel:

same-security-traffic permit intra-interface
!
object network VPN_POOL
 subnet x.x.x.x x.x.x.x
 nat (outside,outside) dynamic interface

 

Regards,

Cristian Matei.
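An offline check for the settings discussed in this thread, added here as an example and not part of any reply: it reads an ASA running-config excerpt and reports which pieces of the full-tunnel setup (DNS servers in the group-policy, an explicit non-tunnelall split-tunnel policy, the intra-interface permit, the outside-to-outside NAT) are missing. The sample config, the 10.99.0.0/24 pool, the NODNS policy and the function names are constructed for illustration.

```python
# Constructed sample: a running-config excerpt in the shape the replies describe.
SAMPLE = """\
same-security-traffic permit intra-interface
object network VPN_POOL
 subnet 10.99.0.0 255.255.255.0
 nat (outside,outside) dynamic interface
!
group-policy TEST internal
group-policy TEST attributes
 dns-server value 1.1.1.1 2.2.2.2
 split-tunnel-policy tunnelall
group-policy NODNS internal
group-policy NODNS attributes
 split-tunnel-policy tunnelspecified
"""

def parse_blocks(config):
    """Map each top-level config line to the indented lines beneath it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            current = None
        elif line[0].isspace():
            if current is not None:
                blocks[current].append(line.strip())
        else:
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks

def audit_full_tunnel(config, policy, outside="outside"):
    """Findings for a group-policy meant to send all client traffic via the ASA."""
    blocks = parse_blocks(config)
    attrs = blocks.get(f"group-policy {policy} attributes")
    if attrs is None:
        return [f"group-policy {policy} has no attributes block"]
    findings = []
    if not any(a.startswith("dns-server value ") for a in attrs):
        findings.append("no dns-server value set in this group-policy")
    # An absent split-tunnel-policy is inherited; only an explicit non-tunnelall is flagged.
    stp = [a for a in attrs if a.startswith("split-tunnel-policy ")]
    if stp and stp[-1] != "split-tunnel-policy tunnelall":
        findings.append(f"'{stp[-1]}' set: not all traffic enters the tunnel")
    if "same-security-traffic permit intra-interface" not in blocks:
        findings.append("no same-security-traffic permit intra-interface (hairpin blocked)")
    hairpin = f"nat ({outside},{outside}) dynamic interface"
    if not any(k.startswith("object network ") and hairpin in v for k, v in blocks.items()):
        findings.append(f"no object NAT '{hairpin}' for the VPN pool")
    return findings
```

A policy with no dns-server line may still inherit one from the default group-policy, so treat that finding as a prompt to check "show vpn-sessiondb detail anyconnect" for the policy the session actually received.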

    

 

 
