cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

ASA 5560 AnyConnect - Internal DNS lookup needed before External lookup

328
Views
0
Helpful
0
Comments
Carl Fitzsimmons
Beginner

I am attempting to see how to enable Internal DNS Lookup before External Lookup for AnyConnect connected users. I have looked at this link https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115753-dns-doctoring-asa-config.html#topic4 but I have not figured out how to setup NAT statements to enable DNS that would allow Internal DNS lookup before External DNS lookup.

We are using a 'VPN-Pool'

ip local pool VPN-Pool 10.8.40.200-10.8.40.220 mask 255.255.255.0

to set an address for VPN clients. DNS is enabled on Inside and Outside Interfaces. When you connect using AnyConnect you get nslookup responses for external sites but internal fails.

Figuring this out allows DNS Naming scheme we are using internally to be used when outside and VPN in.

Content for Community-Ad