DNS problem in Anyconnect client

Brendan Wood
Level 1

I configured the AnyConnect VPN on the ASA device and I enabled split tunneling with ACE rules to tunnel traffic that matches my INTERNAL and DMZ networks.

I set the DNS server to my ISP's provider.

I can't seem to get any DNS when connected with a client; the only workaround I have is to put my DNS to 8.8.8.8 and it will work.

My goal is that I would like to use either the DNS of the client, or send DNS through my ASA and use my internal DNS.

I don't want to put DNS1 as my ISP's, and DNS2 as a public DNS... I find it messy.

I've provided print screens to show my set up with ASDM.

3 Replies 3

Maykol Rojas
Cisco Employee

Brendan,

So you don't want your DNS to be tunneled, is that correct?

Mike

Mike

Yeah, I'm asking 2 things here. I want to learn how to do this both ways.

First of all, how can I tunnel that DNS request so it hits my ISP's server through my own network? My ISP's DNS servers are only accessible to people directly on the network, so I assume it needs to be tunnelled and NATted or something like that.

Also, is there a way to set up the VPN so that my client will use its own DNS that it was using prior to connecting to easyvpn? E.g.: if I was on a cell phone using the cell phone provider's DNS, I want to still use the same DNS and tunnel only my LAN/DMZ traffic.

Thanks.

Hi Bro

You'll need to enable the split dns command available in your Cisco ASA FW. Here's a sample:

    group-policy NETWORK_ADMIN attributes
     dns-server value 10.10.10.4 202.188.1.5
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value ACL_NETWORK_ADMIN
     default-domain value cisco.com
     split-dns value cisco.com

P/S: If you think this comment is helpful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam
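
An added example, not part of any reply in this thread and not Cisco's code: a small Python check of the group-policy shown above that reports which `dns-server` addresses the split-tunnel list matches and which resolver a name would use under `split-dns`. The ACL line is constructed (the thread never shows what `ACL_NETWORK_ADMIN` contains), and the check assumes a DNS server address the split-tunnel list does not match is not carried by the tunnel.

```python
import ipaddress

# Constructed sample: the group-policy from the reply above plus a hypothetical
# ACL body (the thread never shows the contents of ACL_NETWORK_ADMIN).
SAMPLE = """\
access-list ACL_NETWORK_ADMIN standard permit 10.10.10.0 255.255.255.0
group-policy NETWORK_ADMIN attributes
 dns-server value 10.10.10.4 202.188.1.5
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ACL_NETWORK_ADMIN
 default-domain value cisco.com
 split-dns value cisco.com
"""

def parse(config):
    """Collect standard-ACL networks and group-policy attributes."""
    acls, policy = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and tok[2:4] == ["standard", "permit"]:
            if tok[4] == "host":
                net = ipaddress.ip_network(tok[5])
            else:
                net = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
            acls.setdefault(tok[1], []).append(net)
        elif len(tok) >= 3 and tok[1] == "value":
            policy[tok[0]] = tok[2:]
        elif tok[:1] == ["split-tunnel-policy"]:
            policy[tok[0]] = tok[1:]
    return acls, policy

def dns_servers_in_tunnel(acls, policy):
    """Map each dns-server to True if the split-tunnel list matches its address.
    Assumption: an unmatched address is not carried by the tunnel."""
    nets = acls.get(policy["split-tunnel-network-list"][0], [])
    return {s: any(ipaddress.ip_address(s) in n for n in nets)
            for s in policy["dns-server"]}

def resolver_for(name, policy):
    """Split DNS: only names under a split-dns domain use the tunnel DNS servers."""
    name = name.rstrip(".").lower()
    for dom in (d.lower() for d in policy.get("split-dns", [])):
        if name == dom or name.endswith("." + dom):
            return "tunnel"
    return "client"

if __name__ == "__main__":
    acls, policy = parse(SAMPLE)
    print(dns_servers_in_tunnel(acls, policy))
    for q in ("intranet.cisco.com", "www.example.org", "notcisco.com"):
        print(q, "->", resolver_for(q, policy))
```

With this constructed ACL, 10.10.10.4 is matched by the split-tunnel list and 202.188.1.5 is not, and only names under cisco.com are sent to the tunnel DNS servers.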