
Android AnyConnect VPN to ASR ikev2 - how to disable split dns?

Hello.

I'm trying to set up an IKEv2 VPN server on an ASR (CSR) router with EAP auth.

I've come to the point where the Android AnyConnect client is able to connect and ping internal resources via VPN and external resources via its own connection (WiFi), but I have faced an issue where no DNS is working.

The Android device uses the DNS provided by WiFi and I do not push any DNS settings via VPN. Here is my config:

aaa authentication login default local
aaa authentication login IKEV2 group radius
aaa authentication ppp default local
aaa authorization console
aaa authorization exec default local
aaa authorization network default none
aaa authorization network IKEV2_AUTHOR local
aaa accounting network default none
!
crypto pki trustpoint TP
 revocation-check none
 rsakeypair TP
!
!
crypto pki certificate chain TP
 certificate 00E41264991977340C
 ...
!
username ppptest privilege 0 password 7 00140316105E1812
!
!
crypto ikev2 authorization policy POL
 pool ipsec_pool
 netmask 255.255.255.255
 route set remote ipv4 10.2.0.0 255.255.0.0
!
crypto ikev2 proposal default
 encryption aes-cbc-256 aes-cbc-192 aes-cbc-128 3des
 integrity sha512 sha384 sha256 sha1 md5
 group 5 2 14 15 16 19
!
!
!
crypto ikev2 profile PR
 match identity remote any
 authentication remote eap query-identity
 authentication local rsa-sig
 pki trustpoint TP
 nat keepalive 60
 aaa authentication eap IKEV2
 aaa authorization group eap list IKEV2_AUTHOR POL
 aaa authorization user eap cached
 virtual-template 2
!
interface Loopback1
 ip address 10.2.1.1 255.255.255.255
!
interface GigabitEthernet2.11
 encapsulation dot1Q 11
 ip address 10.0.11.94 255.255.255.0
!
interface Virtual-Template2 type tunnel
 ip unnumbered Loopback1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile PROF
!
ip local pool ipsec_pool 10.2.3.1 10.2.3.254
!
radius server rad
 address ipv4 10.0.11.101 auth-port 1812 acct-port 1813
 key 7 110A1016141D0805172924
!

Any thoughts?

1 Reply

Looks like I hit a known bug with Samsung. Got it fixed by upgrading to Android 6.0.
