09-10-2019 11:45 PM - edited 09-11-2019 12:57 AM
Hello,
Let's say we split the internet traffic from the rest in AnyConnect, and let's say we don't want to use our ASA's network DNS server to resolve internet domains, but we want to use it to resolve internal domain names. How should we achieve that? What DNS server should we put for the AnyConnect client in this way (of course, we still want the client to have access to the internet)? Maybe a backup DNS?
Thx
Accepted Solutions
09-11-2019 07:39 AM
You typically have a config like this:
group-policy VPN-TEST attributes
 dns-server value 10.10.10.53
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN-INTERN
 split-dns value example.intern
The split-tunnel only sends internal traffic through the VPN. And the split-dns-config only resolves all "example.intern" queries through 10.10.10.53 and all the rest through the configured DNS on the client.
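A sanity check for the config in the answer above, as an added example that is not part of the original post or Cisco's tooling: it parses the group-policy, confirms the DNS server sits inside the split-tunnel ACL (otherwise queries to it would not travel through the VPN), and models which resolver answers a given name. The `access-list VPN-INTERN` line is a constructed assumption because the page does not show the ACL; the function names and the `client-dns` label are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the group-policy from the answer plus an ASSUMED
# definition of the VPN-INTERN ACL, which the page does not show.
SAMPLE_CONFIG = """\
access-list VPN-INTERN standard permit 10.10.10.0 255.255.255.0
group-policy VPN-TEST attributes
 dns-server value 10.10.10.53
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN-INTERN
 split-dns value example.intern
"""

ACL_RE = re.compile(r"access-list (\S+) standard permit (?:host (\S+)|(\S+) (\S+))$")
ATTR_RE = re.compile(r"(dns-server|split-tunnel-policy|split-tunnel-network-list"
                     r"|split-dns)(?: value)? (.+)$")

def parse(config):
    """Return (acl name -> networks, group-policy attributes) for one policy."""
    acls, policy = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            name, host, net, mask = m.groups()
            cidr = f"{host}/32" if host else f"{net}/{mask}"
            acls.setdefault(name, []).append(ipaddress.ip_network(cidr))
        elif m := ATTR_RE.match(line):
            policy[m.group(1)] = m.group(2).split()
    return acls, policy

def dns_server_tunneled(acls, policy):
    """True if every dns-server address falls inside the split-tunnel ACL."""
    acl_name = policy.get("split-tunnel-network-list", [""])[0]
    servers = [ipaddress.ip_address(s) for s in policy.get("dns-server", [])]
    return bool(servers) and all(
        any(s in n for n in acls.get(acl_name, [])) for s in servers)

def resolver_for(name, policy):
    """Resolver that answers `name`: tunnel DNS for split-dns domains, else client DNS."""
    name = name.lower().rstrip(".")
    for domain in (d.lower() for d in policy.get("split-dns", [])):
        # Match on a label boundary so notexample.intern is not treated as internal.
        if name == domain or name.endswith("." + domain):
            return policy["dns-server"][0]
    return "client-dns"
```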
