Unable to resolve dns after connect VPN

Chin
Level 1

Hi Guys,

Currently I have implemented remote client VPN access on a Cisco ASA running version 8.2.2. Once I am connected to the VPN, I have no problem accessing other DMZ or internal servers, except that when I do an nslookup for those servers, it returns the external IP address and not the internal IP address.

My DNS servers are 172.16.102.100 and 172.16.102.51, and the domain is private.local.

Here I have attached my remote client VPN access config, and I hope someone can help me with it.

access-list STL_VPN_SUPPORT standard permit 172.16.101.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.102.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.103.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.105.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.106.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.107.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.109.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.110.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.111.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.113.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.154.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.151.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.152.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.153.0 255.255.255.0
access-list STL_VPN_SUPPORT standard permit 172.16.2.0 255.255.255.0
access-list firewall-internal_nat0_outbound extended permit ip any 172.16.204.0 255.255.255.0
username tommy password
username tommy attribute
 service-type remote-access
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp enable firewall-ext-apnic
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map dyntppvpn 1 set transform-set ESP-AES-256-MD5 ESP-AES-256-SHA
crypto map firewall-ext-apnic_map 10 ipsec-isakmp dynamic dyntppvpn
crypto map firewall-ext-apnic_map 10 ipsec-isakmp dynamic dyntppvpn
crypto map firewall-ext-apnic_map interface firewall-ext-apnic
ip local pool BD_VPN_USER 172.16.204.1-172.16.204.127
group-policy BD_VPN_SUPPORT attributes
 dns-server value 172.16.102.100 172.16.102.51
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value STL_VPN_SUPPORT
 default-domain value private.local
 vpn-filter value vpn-filter-support
 banner value Your Authentication to  VPN Gateway was successful!!
tunnel-group BD_VPN_SUPPORT type ipsec-ra
tunnel-group BD_VPN_SUPPORT general-attributes
 authentication-server-group LOCAL
 address-pool BD_VPN_SUPPORT
 default-group-policy BD_VPN_SUPPORT
tunnel-group BD_VPN_SUPPORT ipsec-attributes
 pre-shared-key 123cisco
access-list rm_vpn extended permit ip any 172.16.204.0 255.255.255.0
access-list rm_vpn extended permit ip 172.16.204.0 255.255.255.0 any
class-map remote-vpn-user-class
 match tunnel-group BD_VPN_USER
 match access-list rm_vpn
policy-map global_policy
 class remote-vpn-user-class
  police output 500000 20000
