07-26-2012 10:09 PM - edited 03-11-2019 04:35 PM
I configured the AnyConnect VPN on the ASA device and I enabled split tunneling with ACE rules to tunnel traffic that matches my INTERNAL and DMZ networks.
I set the DNS server to my ISP's.
I can't seem to get any DNS when connected with a client; the only workaround I have is to set my DNS to 8.8.8.8 and it will work.
My goal is to use either the DNS of the client, or send DNS through my ASA and use my internal DNS.
I don't want to put DNS1 as my ISP's and DNS2 as a public DNS... I find it messy.
I've provided print screens to show my set up with ASDM.
07-27-2012 12:32 AM
Brendan,
So you don't want your DNS to be tunneled, is that correct?
Mike
07-27-2012 07:59 AM
Yeah, I'm asking 2 things here. I want to learn how to do this both ways.
First of all, how can I tunnel that DNS request so it hits my ISP's server through my own network? My ISP's DNS servers are only accessible to people directly on the network, so I assume it needs to be tunnelled and NATed or something like that.
Also, is there a way to set up the VPN so that my client will use its own DNS it was using prior to connecting to EasyVPN? E.g.: if I was on a cell phone using the cell phone provider's DNS, I want to still use the same DNS and tunnel only my LAN/DMZ traffic.
Thanks.
07-28-2012 08:31 PM
Hi Bro
You'll need to enable the split DNS command available in your Cisco ASA FW. Here's a sample:
group-policy NETWORK_ADMIN attributes
dns-server value 10.10.10.4 202.188.1.5
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL_NETWORK_ADMIN
default-domain value cisco.com
split-dns value cisco.com
P/S: If you think this comment is helpful, please do rate them nicely :-)
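The sample above shows only the group-policy attributes. The following is an added example, not from the thread and not Cisco's own documentation, that puts those attributes together with the split-tunnel ACL and tunnel-group they depend on, so the two behaviours asked about earlier (internal DNS through the tunnel, everything else resolved by the client's own resolver) can be checked end to end. The ACL name, group-policy and tunnel-group names, network addresses, resolver address and domain are constructed placeholders.

```cisco
! Added example (not from the thread). Names, addresses and domain are placeholders.
! Only destinations matched by this standard ACL are sent through the tunnel;
! the internal resolver must sit inside one of these networks or the client cannot reach it.
access-list ACL_SPLIT standard permit 10.10.10.0 255.255.255.0
access-list ACL_SPLIT standard permit 172.16.50.0 255.255.255.0

group-policy GP_SPLIT internal
group-policy GP_SPLIT attributes
 ! Internal resolver, reachable only via the tunnel because it is in 10.10.10.0/24
 dns-server value 10.10.10.4
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ACL_SPLIT
 default-domain value example.internal
 ! Queries for this domain go to the dns-server above; all other names
 ! are resolved by whatever resolver the client was using before it connected.
 split-dns value example.internal

tunnel-group ANYCONNECT_TG general-attributes
 default-group-policy GP_SPLIT
```

To verify on the ASA, `show running-config group-policy GP_SPLIT` should list the `split-dns` line, and a connected client should resolve names under `example.internal` via 10.10.10.4 while other names keep using its original resolver. The other variant raised in the thread, reaching an ISP resolver that only answers on-net addresses, additionally needs that resolver's address in the split-tunnel ACL and a NAT rule for the VPN pool on the ASA, which the thread does not cover.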