cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1050
Views
0
Helpful
0
Replies

Anyconnect SSL-VPN - DNS Lookups (external) doesn't work

Josef Nord
Level 1
Level 1

Hello,

I have issues with my SSL AnyConnect VPN setup on my ASA 5512-x. The VPN , split tunneling and NAT exempt is working fine and i can connect to internal hosts.

However, external or internal DNS requests doesn't work on the clients (Windows, Anyconnect). I want full split tunneling, ie DNS requests should not go through the VPN.

The DNS requests works through NSLOOKUP but not in ping and in any browser.

(The config, request more if i've omitted something important).

ASA Version 8.6(1)2

!

access-list vlan42-splittunneling standard permit 192.168.42.0 255.255.255.0

!
ip local pool vlan42test 192.168.199.50-192.168.199.55 mask 255.255.255.0
address-pools value vlan42test
!
nat (any,any) source static any any destination static VPN-pool-range VPN-pool-range

!

object network VPN-pool-range

range 192.168.199.10 192.168.199.254

!


!

webvpn
enable Outside
anyconnect image disk0:/anyconnect-win-3.1.04072-k9.pkg 1
anyconnect enable
group-policy vlan42-clientvpn-policy internal
group-policy vlan42-clientvpn-policy attributes
wins-server none
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vlan42-splittunneling
default-domain value doesntmatter.local
split-dns value doesntmatter.local
vlan none
address-pools value vlan42test
vpn-group-policy vlan42-clientvpn-policy
vpn-simultaneous-logins 20
service-type remote-access
tunnel-group vlan42-con-profile type remote-access
tunnel-group vlan42-con-profile general-attributes
authentication-server-group ah
default-group-policy vlan42-clientvpn-policy
tunnel-group vlan42-con-profile webvpn-attributes
group-alias privatecloud42 enable
group-url https://vpn.**.com/privatecloud42 enable
!

I gladly appreciate your help. Thank you.

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: