Anyconnect Internal DNS issue for FTD/FMC

riderfaiz
Level 1

Hi everyone,

Hope you are all doing well and staying safe at home.

This is my first time setting up AnyConnect with FMC/FTD. So far it seems my configuration works, but with one problem I can see.

I used "REALM" so users can sign on by using their Active Directory accounts. However, the users can only access the servers by their IP but not by their names.

In the GROUP POLICY, I did put in my internal DNS (objects with correct IP) there. So what else do I miss?

Thank you for your help in advance.


Takami Chiro

5 Replies

Hi,
Are the DNS servers listed when you run "ipconfig /all" (assuming your clients are windows)?
Did you define the "Default Domain" under the group policy?

HTH

In my case not all group policies have the problem. Group policy is assigned via RADIUS, and I had to create a new one for plant access. The setup for DNS servers and default domain is identical to the STDEMPMPLOYE policy, but the user cannot access a SQL database unless they type in a fully qualified name, and cannot access a share on an AD server without an IP address.

Hi, thank you for replying to me.

When I do ipconfig /all, I can see my internal DNS. When I do nslookup, it points to my internal server... but if I try to type in server1 or server1.mydomain.com, it replies request time out.

Besides, my default domain there is set with my Active Directory domain, mydomain.com.

So what is the problem?

Thank you

Are you doing split tunnel or tunnel all? If split tunnel, is the address of the internal DNS server included in the tunneled networks?

In both cases does the internal DNS server know how (via its gateway of course) to reach the subnet of your VPN clients?

Hi Marvin,

Thank you for your response. Yes, I used split tunnel and only private networks in the tunnel. (I do not want end users' home internet using the VPN.)

For the second part... In my case my VPN address pool is 10.10.10.1-128/24 and my LAN is 10.10.x.x /23... May I ask if I need to add some settings or a route for that? If so, where should I add it?

Thank you for your help!

Takami Chiro
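
The two questions raised in the replies above (is the internal DNS server inside the split-tunnel networks, and can it route back to the VPN client pool) can be checked offline from the configured values. This is an added example, not part of the original thread or any Cisco tool; the function name and all addresses except the 10.10.10.0/24 pool are constructed assumptions.

```python
import ipaddress


def check_vpn_dns_path(dns_servers, split_tunnel_nets, vpn_pool, lan_nets):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    tunneled = [ipaddress.ip_network(n) for n in split_tunnel_nets]
    pool = ipaddress.ip_network(vpn_pool)

    # Check 1: with split tunneling, only destinations inside the tunneled
    # networks go through the VPN, so each internal DNS server must be covered.
    for server in dns_servers:
        addr = ipaddress.ip_address(server)
        if not any(addr in net for net in tunneled):
            findings.append(f"DNS server {addr} is outside the split-tunnel networks")

    # Check 2: the DNS server needs a route back to the client pool. A pool that
    # overlaps a LAN subnet is ambiguous: LAN hosts may treat client
    # addresses as on-link instead of sending replies to the VPN gateway.
    for lan in lan_nets:
        net = ipaddress.ip_network(lan)
        if pool.overlaps(net):
            findings.append(f"VPN pool {pool} overlaps LAN network {net}")
    return findings


# Constructed sample values. Only the 10.10.10.0/24 pool comes from the thread;
# the LAN, tunnel list and DNS address are made up for illustration.
CLEAN = dict(dns_servers=["10.20.0.10"], split_tunnel_nets=["10.20.0.0/23"],
             vpn_pool="10.10.10.0/24", lan_nets=["10.20.0.0/23"])
BROKEN = dict(dns_servers=["10.20.0.10"], split_tunnel_nets=["10.30.0.0/16"],
              vpn_pool="10.10.10.0/24", lan_nets=["10.10.10.0/23"])

if __name__ == "__main__":
    for name, cfg in (("clean", CLEAN), ("broken", BROKEN)):
        print(name, check_vpn_dns_path(**cfg) or "no findings")
```
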
