cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

606
Views
0
Helpful
12
Replies
Highlighted
Beginner

DNS Problem

We just setup a new config on the ASA.  We cannot get on the internet with the group "services" for full tunnel when using Cisco VPN client. We can get to Google by IP address.  But, we cannot get to Google by typing Google.com.  Do you have any suggestions?  Attached is the config.

Thanks.

Laura

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: DNS Problem

The followings are the DNS servers configured for group services:

208.29.1.8

208.29.1.1

Do these 2 internal DNS servers resolve external DNS as well?

The reason why the split tunnel group works is because they will use the ISP provided DNS to reach the external websites. However, with the no split tunnel group (tunnelall group), it is relying on the internal DNS to also resolve external URLs.

View solution in original post

12 REPLIES 12
Cisco Employee

Re: DNS Problem

The followings are the DNS servers configured for group services:

208.29.1.8

208.29.1.1

Do these 2 internal DNS servers resolve external DNS as well?

The reason why the split tunnel group works is because they will use the ISP provided DNS to reach the external websites. However, with the no split tunnel group (tunnelall group), it is relying on the internal DNS to also resolve external URLs.

View solution in original post

Beginner

Re: DNS Problem

Jennifer,

Yes, these DNS servers resolve external DNS.  Can you think of anything else?

Thanks.

Laura

Cisco Employee

Re: DNS Problem

When you  perform "nslookup" for google.com, can you please confirm that it uses either of the 2 DNS servers defined?

Beginner

Re: DNS Problem

Here is the result of NSLOOKUP.  Thanks.

Microsoft Windows [Version 6.1.7601]

Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\win7>nslookup

Default Server: xxx.consoto.com

Address: 208.29.1.8

>

Cisco Employee

Re: DNS Problem

Can you please type in www.google.com at the prompt, and share the output. Thanks.

Beginner

Re: DNS Problem

Here is the result of NSLOOKUP.  Thanks.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.


C:\Users\win7>nslookup
Default Server:  xxx.consoto.com
Address:  208.29.1.8

> google.com
Server:  xxx.consoto.com
Address:  208.29.1.8

*** xxx.consoto.com can't find google.com: Query refused
> 74.125.224.221
Server:  xxx.consoto.com
Address:  208.29.1.8

*** xxx.consoto.com can't find 74.125.224.221: Query refused

Cisco Employee

Re: DNS Problem

Sounds like a DNS server issue instead of ASA.

You might want to check if the DNS server is allowing your vpn pool subnet to perform DNS lookup for external hosts.

Cisco Employee

Re: DNS Problem

Here article from Microsoft support that confirms the same:

http://support.microsoft.com/kb/200525

(PS: search on "Query refused")

Beginner

Re: DNS Problem

Thanks for link, Jennifer.  I will check out the link.

Laura

Beginner

Re: DNS Problem

Thanks Jennifer.  I will check with my DNS administrator.  I will get back to you tomorrow if I have any more questions and rate the posts.

Thanks again.

Laura

Beginner

Re: DNS Problem

Jennifer,

For whatever reason, the full tunnel is now working.  I am now able to get to the internet.  I am so embarrased!!!  For the last 3 days, I was not able to get on the internet.  Thanks so much for your time.  I appreciate you are taking time to help me out.

 

Thanks.

Laura

Cisco Employee

Re: DNS Problem

Great to hear it's working, Laura. Thanks for the update and rating.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here