04-18-2013 05:42 AM - edited 02-21-2020 06:49 PM
Hello Support Community,
I have a question that I'm hoping I can get some help on: is there a way to add multiple DNS search domains (a DNS suffix search list) for AnyConnect VPN clients? I'm only able to specify a single domain name on the connection profile; any information is appreciated. I tried using a comma, but that isn't allowed.
04-25-2013 08:59 AM
Hi Delmiro,
I have this same issue, and as far as I know there's no way around this behaviour.
Here's the workaround I use: I tell VPN users who need to access resources on the other domain to use the FQDN. That way, when the request hits the DNS server, it knows to forward it to the other zone. If users type in the short name (e.g. server01) without the domain, the VPN client adds the default suffix and they never get a DNS response.
HTH,
Greg
04-25-2013 09:14 AM
Hi Greg,
I ended up using split-dns, which basically accomplished the same exact thing for me. I don't have to use the FQDN.
http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/s8.html#wp1560462
here is what I got
Without split-dns:
C:\Users\Delmiro>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PC1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
With split-dns:
C:\Users\Delmiro>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PC1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com
yourdomain.com
myotherdomain.com
mybrodomain.com
give it a try, let me know how it works for you.
Thanks,
Delmiro
02-22-2016 09:09 AM
I have the same issue, have two different domains (one I'm migrating off of and the one I'm migrating to). The one I'm trying to migrate to is a parent/child domain structure. I need my VPN users to be able to get to ALL DNS suffixes. The link above does not work- it 404's then goes to a page that does not explain how to configure split-dns. My outsourced network management team says that it's not possible. The multiple DNS suffixes are in my Group Policy and any machines on the wired network pick them up and are resolved correctly, but it does not pass to the VPN clients.
Any help would be appreciated. Many thanks in advance!
05-19-2016 09:59 AM
I have just done this and it works fine for me.
You need to enable split tunneling using include networks, not exclude. If you do not do split tunneling, I don't think it will work.
You then need to stop sending all DNS queries across the VPN link by disabling split-tunnel-all-dns under the group policy.
Then specify the domains with: split-dns value mydomain.com myotherdomain.com
Reference: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect42/b_AnyConnect_Administrator_Guide_4-2/configure-vpn.html#ID-1428-000003c6
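The three steps above (include-style split tunneling, split-tunnel-all-dns disabled, a split-dns value list), together with the split-dns approach Delmiro mentions earlier in the thread, collapse into one ASA group-policy. The configuration below is an added example written for this thread, not a config posted by any participant. The group-policy name GP_SPLITDNS, the ACL name SPLIT_TUNNEL_ACL, the tunnel-group name ANYCONNECT_TG, the 10.0.0.0/8 internal range and the 10.0.0.10 / 10.0.0.11 DNS servers are all assumed placeholders; substitute your own.

```cisco
! Added example (not from the original thread). Names and addresses are assumed.
!
! 1. Include-style split tunnel: only the internal range goes through the VPN.
access-list SPLIT_TUNNEL_ACL standard permit 10.0.0.0 255.0.0.0

! 2. Group policy: tunnelspecified (include), not excludespecified.
group-policy GP_SPLITDNS internal
group-policy GP_SPLITDNS attributes
 ! Internal resolvers handed to the client for the split-dns domains below.
 dns-server value 10.0.0.10 10.0.0.11
 ! Primary suffix the client appends to short names.
 default-domain value mydomain.com
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL
 ! 3. Do not push every DNS query into the tunnel, otherwise split-dns is moot.
 split-tunnel-all-dns disable
 ! 4. Space-separated list of domains whose queries go to the internal resolvers.
 !    List every domain you need; in a parent/child migration, list both.
 split-dns value mydomain.com yourdomain.com myotherdomain.com mybrodomain.com

! Bind the policy to the AnyConnect tunnel group.
tunnel-group ANYCONNECT_TG type remote-access
tunnel-group ANYCONNECT_TG general-attributes
 default-group-policy GP_SPLITDNS

! Verify on the ASA:
!   show running-config group-policy GP_SPLITDNS
! Verify on a connected Windows client (as in the ipconfig output above):
!   ipconfig /all     -> "DNS Suffix Search List" lists the split-dns domains
!   nslookup server01 -> should resolve via 10.0.0.10/10.0.0.11 while connected
```

Two practitioner caveats. First, anything not in the split-dns list resolves through the client's local, untrusted resolver while the tunnel is up, so an incomplete list does not fail loudly; it just sends those names (and the fact that the user is looking them up) off-tunnel. Second, if the policy is later switched to tunnelall, the split-dns list stops mattering and every query goes through the VPN, which is the behaviour the thread describes as "send all DNS queries across the VPN link".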