Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1097
Views
5
Helpful
1
Replies

DNS/Split Tunnel

Go to solution
George-Sl
Level 1
Level 1

‎09-10-2019 11:45 PM - edited ‎09-11-2019 12:57 AM

Hello,

 

Let's say we split the internet traffic from the rest in ANY Connect, and let's say we don't want to use our ASA's network DNS Server to resolve internet domains but we wanna use it to resolve internal domain names, so how should we achieve that? What dns server should we put for ANY connect client in this way(ofc we still want the client to have access to the internet)? maybe a backup dns?

 

Thx

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎09-11-2019 07:39 AM

You typically have a config like this:

group-policy VPN-TEST attributes
 dns-server value 10.10.10.53
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN-INTERN
 split-dns value example.intern

The split-tunnel only sends internal traffic through the VPN. And the split-dns-config only resolves all "example.intern" queries through 10.10.10.53 and all the rest through the configured DNS on the client.

 

View solution in original post

1 Reply 1

Go to solution
Karsten Iwen
VIP
VIP

‎09-11-2019 07:39 AM

You typically have a config like this:

group-policy VPN-TEST attributes
 dns-server value 10.10.10.53
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN-INTERN
 split-dns value example.intern

The split-tunnel only sends internal traffic through the VPN. And the split-dns-config only resolves all "example.intern" queries through 10.10.10.53 and all the rest through the configured DNS on the client.

 

Customers Also Viewed These Support Documents