
Problem : ASA VPN issue can't resolve name from local DNS

khahodeka
Level 1

vpn-dns-issue.png

Cisco ASA VPN issue can't resolve name from local DNS

If I connect via LAN I can resolve names from the DNS server normally, but when I connect to the VPN via the internet:

Case 1: connect to the VPN using split tunnel, with internal IPs going through the tunnel and internet surfing via the local internet [can resolve from the DNS of the connected internet]

C:\>nslookup normanxak.local

*** Can't find server name for address 192.168.1.2: Non-existent domain
*** Can't find server name for address 192.168.1.18: Non-existent domain
Default Server:  dns1.asianet.co.th
Address:  203.144.207.29

*** dns1.asianet.co.th can't find normanxak.local: Non-existent domain

Case 2: connect to the VPN without using split tunnel

C:\>nslookup
*** Can't find server name for address 192.168.1.2: Non-existent domain
*** Can't find server name for address 192.168.1.18: Non-existent domain
Default Server:  dns1.asianet.co.th
Address:  203.144.207.29

> normanxak.local
Server:  dns1.asianet.co.th
Address:  203.144.207.29

Name:    normanxak.local
Addresses:  192.168.1.18, 192.168.1.17, 192.168.1.2

Thank you for the best support

5 Replies

hdashnau
Cisco Employee

In the group-policy you have split-dns set up as "split-dns value 192.168.1.2 192.168.1.18". This is incorrect. The values for the split-dns setting should not be IP addresses -- they need to be the internal domain name that you want to resolve over the tunnel. For example, if I wanted my DNS request for myhost.cisco.com to go over the tunnel and everything else (like xxxx.google.com or xxxx.yahoo.com) to use my normal Internet DNS server, in the group policy I would have "split-dns value cisco.com"

-heather

Now I have removed "split-dns value 192.168.1.2 192.168.1.18" but I still can't resolve the name...

group-policy BO2VPN internal
group-policy BO2VPN attributes
 dns-server value 192.168.1.2 192.168.1.18
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value BO2VPN_splitTunnelAcl
group-policy BO3VPN internal
group-policy BO3VPN attributes
 dns-server value 192.168.1.2 192.168.1.18
 vpn-tunnel-protocol IPSec

khahodeka wrote:

Now I have removed "split-dns value 192.168.1.2 192.168.1.18" but I still can't resolve the name...

I don't think he meant for you to remove the statement, but instead replace it with:

"split-dns value domain1.local domain2.local"

KimEriksen
Level 1

Hello,

Try setting "asianet.co.th" as the default domain under your VPN policy

Kim Eriksen

Field Engineer

Infolink ApS

Kim Eriksen, the solution worked for me, thanks

Regards

Nitin Mohan
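
A check for the mistake pointed out in the first reply, as an added example that is not part of the thread or of any Cisco tool: it scans ASA group-policy blocks for `split-dns value` entries that are IP addresses, and notes split-tunnel policies that have no split-dns list at all. The sample config, the policy name `BO2VPN_FIXED`, and the use of `normanxak.local` as the internal domain are assumptions; attribute lines are expected to be indented as in `show running-config` output.

```python
import ipaddress

# Constructed sample: BO2VPN as first posted; BO2VPN_FIXED is hypothetical.
SAMPLE_CONFIG = """\
group-policy BO2VPN internal
group-policy BO2VPN attributes
 dns-server value 192.168.1.2 192.168.1.18
 split-tunnel-policy tunnelspecified
 split-dns value 192.168.1.2 192.168.1.18
group-policy BO2VPN_FIXED attributes
 split-tunnel-policy tunnelspecified
 split-dns value normanxak.local
"""

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_group_policies(config_text):
    """Map each 'group-policy NAME attributes' block to its tokenised lines."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "group-policy":
            current = words[1] if words[2:3] == ["attributes"] else None
        elif current and raw[0].isspace():
            policies.setdefault(current, []).append(words)
        else:
            current = None  # any other top-level command ends the block
    return policies

def audit_split_dns(config_text):
    """Return (policy, severity, message) findings about split-dns settings."""
    findings = []
    for name, lines in parse_group_policies(config_text).items():
        values = [v for w in lines if w[:2] == ["split-dns", "value"] for v in w[2:]]
        for v in filter(is_ip, values):
            findings.append((name, "error", f"split-dns value {v} is an IP address, not a domain"))
        if ["split-tunnel-policy", "tunnelspecified"] in lines and not values:
            findings.append((name, "review", "split tunnel without a split-dns domain list"))
    return findings

if __name__ == "__main__":
    print(*audit_split_dns(SAMPLE_CONFIG), sep="\n")
```
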
