Split-DNS with ezvpn between 1811 and 2921 fails

MARK CASEY
Level 1

Hi All

I have an 1811 configured with ezvpn in NEM connecting to a 2921.

The connection establishes perfectly, the split-network works and I can access all systems within the internal network. DNS on the 1811 works for the ISP, and if I do an nslookup on the remote DNS servers from a client behind the 1811 it works.

My configuration is as follows; things in [] have been changed for security.

The group section of the 2921 router is set as:

crypto isakmp client configuration group [mygroupname]
 key [mysetkey]
 dns 10.242.1.6 10.242.1.5
 domain office.pegasustech.com.au
 pool pegasus-pool
 acl PEGASUSSTAFFREMOTE-access
 save-password
 split-dns office.pegasustech.com.au
 split-dns pegasustech.com.au
 max-users 10

The relevant configuration on the 1811 is:

crypto ipsec client ezvpn pegasus-connect
 connect auto
 group [mygroupname] key [mysetkey]
 mode network-extension
 peer [mypeerip]
 username [myusername] password [mypassword]
 xauth userid mode local

When the VPN connects with the following debugs enabled

debug ip dns name-list
debug ip dns view
debug ip dns view-list

the output is:

Feb  3 15:28:47.791 Sydney: %CRYPTO-6-EZVPN_CONNECTION_UP: (Client)  User=[myusername] Group= [mygroupname] Client_public_addr=192.168.1.9  Server_public_addr=[mypeerip] NEM_Remote_Subnets=10.242.129.0/255.255.255.0
Feb  3 15:28:47.791 Sydney: DNS_VIEW: creating view ezvpn-internal-view
DNS_VIEW: Setting  domain name-server 10.242.1.6 10.242.1.5 in view ezvpn-internal-view
Feb  3 15:28:47.791 Sydney: DNS_NAMELIST: adding permit 'OFFICE.PEGASUSTECH.COM.AU' to name-list 1
Feb  3 15:28:47.791 Sydney: DNS_NAMELIST: adding permit 'PEGASUSTECH.COM.AU' to name-list 1
Feb  3 15:28:47.791 Sydney: DNS_VIEWLIST: creating view-list ezvpn-internal-viewlist internal
Feb  3 15:28:47.791 Sydney: DNS_VIEWLIST: adding member ezvpn-internal-view order 10 to view-list ezvpn-internal-viewlist
Feb  3 15:28:47.791 Sydney: DNS_VIEWLIST: adding member default order 20 to view-list ezvpn-internal-viewlist
Feb  3 15:28:47.791 Sydney: DNS_VIEWLIST: setting internal internal view-list ezvpn-internal-viewlist on interface BVI1
pegasus-casey-01(config-crypto-ezvpn)#
DNS_VIEW: Setting  domain name-server 10.242.1.6 10.242.1.5 in view ezvpn-internal-view
Feb  3 15:28:58.271 Sydney: DNS_NAMELIST: adding permit 'OFFICE.PEGASUSTECH.COM.AU' to name-list 2
Feb  3 15:28:58.271 Sydney: DNS_NAMELIST: adding permit 'PEGASUSTECH.COM.AU' to name-list 2
Feb  3 15:28:58.271 Sydney: DNS_NAMELIST: removing name-list 2
DNS_VIEW: Setting  domain name-server 10.242.1.6 10.242.1.5 in view ezvpn-internal-view
Feb  3 15:28:58.271 Sydney: DNS_NAMELIST: adding permit 'OFFICE.PEGASUSTECH.COM.AU' to name-list 2
Feb  3 15:28:58.271 Sydney: DNS_NAMELIST: adding permit 'PEGASUSTECH.COM.AU' to name-list 2
Feb  3 15:28:58.271 Sydney: DNS_NAMELIST: removing name-list 2

The name-list is visible:

pegasus-casey-01#show ip dns name-list
ip dns name-list 1
    permit OFFICE.PEGASUSTECH.COM.AU
    permit PEGASUSTECH.COM.AU

The view list is empty; I believe it should show ezvpn-internal-view:

#show ip dns view-list
#


And the show view output only shows the default view:

show ip dns view
DNS View default parameters:
Logging is off
DNS Resolver settings:
  Domain lookup is enabled
  Default domain name: casey.pegasustech.com.au
  Domain search list:
  Lookup timeout: 3 seconds
  Lookup retries: 2
  Domain name-servers:
    192.168.1.1
DNS Server settings:
  Forwarding of queries is enabled
  Forwarder timeout: 3 seconds
  Forwarder retries: 2
  Forwarder addresses:

With the VPN enabled, nslookup for www.pegasustech.com.au returns "failed".

The 1811 router shows:

DNS View ezvpn-internal-view used for client 10.242.129.20/51934, querying A 'www.pegasustech.com.au'

However, when I disconnect, the name list and view list seem to be deleted:

Feb  3 15:57:57.478 Sydney: DNS_VIEWLIST: deleting view-list ezvpn-internal-viewlist
Feb  3 15:57:57.478 Sydney: DNS_VIEW: deleting view ezvpn-internal-view
Feb  3 15:57:57.478 Sydney: DNS_NAMELIST: removing name-list 1
Feb  3 15:57:57.478 Sydney: DNS_VIEWLIST: removing internal view-list  on interface BVI1
Feb  3 15:57:57.478 Sydney: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=[myusername] Group= [mygroupname] Client_public_addr=192.168.1.9  Server_pu
It all looks to be working, except there is no ezvpn-internal-view active.

Anyone got any ideas?

Thanks in advance

Mark
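As an added example (not part of the post above), a small Python script that replays a "debug ip dns" trail like the one shown and works out which views, view-lists and name-lists the trail says should still exist, so the result can be compared with what "show ip dns view-list" and "show ip dns name-list" actually display. The sample lines are constructed, condensed from the post's output; the message formats matched are exactly those seen in the post.

```python
import re

# Constructed sample, condensed from the post's "debug ip dns" trail: tunnel up, then torn down.
UP = """\
Feb  3 15:28:47.791 Sydney: DNS_VIEW: creating view ezvpn-internal-view
Feb  3 15:28:47.791 Sydney: DNS_NAMELIST: adding permit 'OFFICE.PEGASUSTECH.COM.AU' to name-list 1
Feb  3 15:28:47.791 Sydney: DNS_NAMELIST: adding permit 'PEGASUSTECH.COM.AU' to name-list 1
Feb  3 15:28:47.791 Sydney: DNS_VIEWLIST: creating view-list ezvpn-internal-viewlist internal
Feb  3 15:28:47.791 Sydney: DNS_VIEWLIST: adding member ezvpn-internal-view order 10 to view-list ezvpn-internal-viewlist
Feb  3 15:28:58.271 Sydney: DNS_NAMELIST: adding permit 'PEGASUSTECH.COM.AU' to name-list 2
Feb  3 15:28:58.271 Sydney: DNS_NAMELIST: removing name-list 2
"""
DOWN = """\
Feb  3 15:57:57.478 Sydney: DNS_VIEWLIST: deleting view-list ezvpn-internal-viewlist
Feb  3 15:57:57.478 Sydney: DNS_VIEW: deleting view ezvpn-internal-view
Feb  3 15:57:57.478 Sydney: DNS_NAMELIST: removing name-list 1
"""
# One regex per debug message type; search() skips the timestamp prefix.
RULES = [
    ("view+", re.compile(r"DNS_VIEW: creating view (\S+)")),
    ("view-", re.compile(r"DNS_VIEW: deleting view (\S+)")),
    ("vl+", re.compile(r"DNS_VIEWLIST: creating view-list (\S+)")),
    ("vl-", re.compile(r"DNS_VIEWLIST: deleting view-list (\S+)")),
    ("member", re.compile(r"DNS_VIEWLIST: adding member (\S+) order (\d+) to view-list (\S+)")),
    ("nl+", re.compile(r"DNS_NAMELIST: adding permit '([^']+)' to name-list (\d+)")),
    ("nl-", re.compile(r"DNS_NAMELIST: removing name-list (\d+)")),
]

def replay(debug_text):
    """Objects the trail says should exist: what the show commands are expected to list."""
    views, view_lists, name_lists = set(), {}, {}
    for line in debug_text.splitlines():
        for kind, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            if kind == "view+": views.add(m[1])
            elif kind == "view-": views.discard(m[1])
            elif kind == "vl+": view_lists.setdefault(m[1], [])
            elif kind == "vl-": view_lists.pop(m[1], None)
            elif kind == "member": view_lists.setdefault(m[3], []).append((int(m[2]), m[1]))
            elif kind == "nl+": name_lists.setdefault(int(m[2]), set()).add(m[1])
            elif kind == "nl-": name_lists.pop(int(m[1]), None)
            break
    return {"views": views, "view_lists": view_lists, "name_lists": name_lists}

def unreferenced_views(state):
    """Views that exist but no view-list references; split-dns only works via the membership."""
    referenced = {v for members in state["view_lists"].values() for _, v in members}
    return sorted(state["views"] - referenced)
```

If replay(UP) lists a view-list that "show ip dns view-list" does not, the object the debug claims to have built is not present in the running state, which is the discrepancy the post describes.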

1 Reply

MARK CASEY
Level 1

Hi All

Just an update

Has anyone got ezvpn split-dns in 'network extension mode' working with any system?

Because I am seeing the same with clients 877, 887 and 1811, and with servers 2921 and ASA 5510.

I am seeing exactly the same across all three clients to the 1921 and the 877 to both types of servers.
