08-16-2021 07:01 AM
*** THIS IS MY FIRST POST, SO I DO NOT KNOW IF THIS IS THE CORRECT GROUP. IF IT IS NOT, KINDLY POINT ME TO THE PROPER GROUP. ***
I have this ASA configured, except that when the AnyConnect client connects I cannot get DNS to resolve. It doesn't matter if I use our internal DNS server or a public one. I can get to the inside networks just fine with the VPN. The only piece missing is DNS name resolution. The NAT for the VPN, expressed in CLI form here:
nat (Exadata,outside) source static any any destination static NETWORK_OBJ_10.11.10.0_27 NETWORK_OBJ_10.11.10.0_27 no-proxy-arp route-lookup
does not allow the dns keyword to be appended to the command. I am quite sure I am missing something small here. I have included the parts of the configuration that might be pertinent:
ip local pool VPN_Pool 10.11.10.2-10.11.10.25 mask 255.255.255.0
!
interface GigabitEthernet0/0
nameif outside
security-level 100
ip address 12.X.X.X 255.255.255.240
!
interface GigabitEthernet0/1
nameif Exadata
security-level 50
ip address 10.16.10.1 255.255.255.0
!
interface GigabitEthernet0/2
nameif Netezza
security-level 50
ip address 192.168.8.1 255.255.255.0
!
interface GigabitEthernet0/3
nameif DNS
security-level 50
ip address 10.10.10.1 255.255.255.0
!
...
dns domain-lookup outside
dns domain-lookup Exadata
dns domain-lookup Netezza
dns domain-lookup DNS
dns server-group DefaultDNS
name-server 10.10.10.26
name-server 8.8.8.8
domain-name pjnatexa.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network NETWORK_OBJ_10.11.10.0_27
subnet 10.11.10.0 255.255.255.224
description VPN Network
object-group service services1 tcp-udp
description DNS Group
port-object eq domain
access-list DNS_access_in extended permit ip any any
...
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
...
webvpn
enable outside
enable Exadata
enable Netezza
enable DNS
anyconnect image disk0:/anyconnect-linux64-4.10.02086-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-macos-4.10.02086-webdeploy-k9.pkg 2
anyconnect image disk0:/anyconnect-win-4.10.02086-webdeploy-k9.pkg 3
anyconnect profiles AnyConnect_client_profile disk0:/AnyConnect_client_profile.xml
anyconnect enable
tunnel-group-list enable
error-recovery disable
group-policy DfltGrpPolicy attributes
banner value You are in the default policy
group-policy WEBVPN_Group_Polcy internal
group-policy GroupPolicy_AnyConnect internal
group-policy GroupPolicy_AnyConnect attributes
banner value **** WARNING *****
banner value This network is for the exclusive use of authorized parties by Natrinsic. All others should not attempt access
wins-server none
dns-server value 10.10.10.26
vpn-tunnel-protocol ikev2 ssl-client
default-domain value pjnatexa.com
webvpn
anyconnect profiles value AnyConnect_client_profile type user
dynamic-access-policy-record DfltAccessPolicy
....
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
address-pool VPN_Pool
default-group-policy GroupPolicy_AnyConnect
tunnel-group AnyConnect webvpn-attributes
group-alias AnyConnect enable
!
...
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 1024
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
08-16-2021 09:30 AM
I resolved this. It was a matter of assigning the split tunnel to the AnyConnect group.
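The accepted answer names the fix but does not show the configuration. The fragment below is an added example, not from the original post or from Cisco: it applies a tunnelspecified split-tunnel policy with split DNS to the GroupPolicy_AnyConnect policy already in the thread, and adds a NAT exemption for the "DNS" interface, since the only exemption shown in the post is for the Exadata interface while the DNS server 10.10.10.26 sits behind the DNS interface. The ACL name SPLIT_TUNNEL_ACL, the object name NETWORK_OBJ_10.10.10.0_24 and the choice to put all three inside subnets in the split list are assumptions for this example; the addresses, interface names and domain are taken from the posted configuration.

```cisco
! Added example, not part of the original post.
! Assumptions: SPLIT_TUNNEL_ACL and NETWORK_OBJ_10.10.10.0_24 are invented names;
! the subnets, interface names, DNS server and domain come from the posted config.

! 1. Standard ACL listing the networks the client should send through the tunnel
access-list SPLIT_TUNNEL_ACL standard permit 10.16.10.0 255.255.255.0
access-list SPLIT_TUNNEL_ACL standard permit 192.168.8.0 255.255.255.0
access-list SPLIT_TUNNEL_ACL standard permit 10.10.10.0 255.255.255.0

! 2. Attach the split-tunnel policy and split DNS to the group policy that
!    tunnel-group AnyConnect already uses as its default-group-policy
group-policy GroupPolicy_AnyConnect attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL
 split-dns value pjnatexa.com
 dns-server value 10.10.10.26
 default-domain value pjnatexa.com

! 3. NAT exemption for VPN-pool traffic to the DNS interface, mirroring the
!    (Exadata,outside) rule in the post so that queries to 10.10.10.26 are not translated
object network NETWORK_OBJ_10.10.10.0_24
 subnet 10.10.10.0 255.255.255.0
nat (DNS,outside) source static NETWORK_OBJ_10.10.10.0_24 NETWORK_OBJ_10.10.10.0_24 destination static NETWORK_OBJ_10.11.10.0_27 NETWORK_OBJ_10.11.10.0_27 no-proxy-arp route-lookup

! 4. Checks after the client reconnects (pool address 10.11.10.2 assumed for the trace)
show run group-policy GroupPolicy_AnyConnect
show vpn-sessiondb anyconnect
packet-tracer input outside udp 10.11.10.2 53000 10.10.10.26 53
```

Two notes for anyone applying this. First, with the default tunnelall policy every client packet, including queries to 8.8.8.8, arrives on the outside interface and must be NAT-exempted or hairpinned back out; with tunnelspecified only the listed subnets enter the tunnel, so queries for names outside pjnatexa.com go to the client's local resolver, which is what makes DNS work without extra NAT rules. Second, the dns keyword the original poster tried to append belongs to object NAT and static NAT rules, where it enables DNS A-record rewriting; it is not needed for VPN NAT exemption.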
08-16-2021 09:27 AM
access-list DNS_access_in extended permit ip any any (I do not see any matching here)
When the client connects to the VPN, do an nslookup. What are the logs you see in the ASA?