cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2116
Views
0
Helpful
3
Replies
Brendan Wood
Beginner

DNS problem in Anyconnect client

I configured the Anyconnect vpn on the ASA device and I enabled split tunneling with ACE rules to tunnel traffic that matches my INTERNAL and DMZ networks.

I set the DNS server to my ISP's provider.

I can't seem to get any dns when connected with a client, only workaround I have is to put my DNS to 8.8.8.8 and it will work.

My goal is I would like to use either the dns of the client, or send dns through my asa and use my internal dns.

I don't want to put DNS1 as my ISP's, and DNS2 as a public DNS... I find it messy.

I've provided print screens to show my set up with ASDM.

3 REPLIES 3
Maykol Rojas
Cisco Employee

Brendan,

So you dont want your DNS to be tunneled is that correct?

Mike

Mike

Yeah I'm asking 2 things here.  I want to learn how to do this both ways.

First of all, How can I tunnel that dns request so it hits my isp's server through my own network?  My ISP's dns's are only accessible to people directly on the network so I assume it needs to be tunnelled and natted or something like that.

Also, is there a way to set up the vpn so that my client will use it's own dns it was using prior to connecting to easyvpn?  Eg:  if I was on a cell phone using the cell phone provider's dns, I want to still use the same dns and tunnel only my lan/dmz traffic.

Thanks.

Hi Bro

You'll need to enable the split dns command available in your Cisco ASA FW. Here's a sample

group-policy NETWORK_ADMIN attributes

dns-server value 10.10.10.4 202.188.1.5

split-tunnel-policy tunnelspecified

split-tunnel-network-list value ACL_NETWORK_ADMIN

default-domain value cisco.com

split-dns value cisco.com

P/S: If you think this comment is helpful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam
Create
Recognize Your Peers
Content for Community-Ad