Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
553
Views
0
Helpful
0
Comments

ASA 5560 AnyConnect - Internal DNS lookup needed before External lookup

Carl Fitzsimmons
Level 1
Level 1
‎06-28-2020 11:43 AM

I am attempting to see how to enable Internal DNS Lookup before External Lookup for AnyConnect connected users. I have looked at this link https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115753-dns-doctoring-asa-config.html#topic4 but I have not figured out how to setup NAT statements to enable DNS that would allow Internal DNS lookup before External DNS lookup.

We are using a 'VPN-Pool'

ip local pool VPN-Pool 10.8.40.200-10.8.40.220 mask 255.255.255.0

to set an address for VPN clients. DNS is enabled on Inside and Outside Interfaces. When you connect using AnyConnect you get nslookup responses for external sites but internal fails.

Figuring this out allows DNS Naming scheme we are using internally to be used when outside and VPN in.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents