
AnyConnect VPN on ASA - can ping dns server but webpages don't work

twhittle1
Level 1

Hi All,

I'm currently trying to configure AnyConnect VPN access using an ASA5505. I've been able to get the VPN to work in that a client can connect back, and it's given the correct IP address and DNS servers. I can ping and access internal resources. I can ping the DNS server (8.8.8.8); however, whenever I try to open a webpage it says "www.cisco.com's server DNS address could not be found".

I'm trying to enable a full tunnel (using the head end internet connection as opposed to the client's local connection).

My setup is: internet -> router -> ASA. So the ASA isn't performing the NAT. I don't think it is a NAT problem though because I permitted the whole internal subnet to see if this was the issue and nothing changed.

I've enabled "same-security-traffic permit intra-interface" and this has allowed me to ping IP addresses on the internet (before this command I couldn't get any external access); however, I cannot open any webpages.

When I do an ipconfig /all, the DNS server is showing correctly. But if I do an nslookup, the DNS request says it's timed out.

Does anyone have any ideas?

I'll gladly post the config; I just didn't want to clutter up the initial message.

Am I missing anything simple?

Thanks,

Tom

1 Reply

lethanhtung0131
Level 1

Have you opened UDP/TCP 53 from the VPN client to 8.8.8.8?
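A successful ping only shows that ICMP makes the round trip; name resolution needs UDP and TCP port 53. The script below is an added example, not part of the original thread: run from the connected VPN client, it sends one A-record query for www.cisco.com to 8.8.8.8 (both taken from the post) over each transport and reports which one gets a reply. The function names and the transaction ID are made up for this example.

```python
import socket
import struct

TXID = 0x1234  # constructed transaction ID for this example

def build_query(name):
    """Build a minimal DNS A-record query with recursion desired."""
    header = struct.pack(">HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # A, IN

def parse_reply(data):
    """Return (rcode, answer_count, truncated) for a reply to our query."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, answers = struct.unpack(">HHHH", data[:8])
    if rid != TXID or not flags & 0x8000:  # wrong ID or QR bit not set
        raise ValueError("not a response to our query")
    return flags & 0x000F, answers, bool(flags & 0x0200)

def recv_exact(sock, n):  # read exactly n bytes from a stream socket
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed early")
        buf += chunk
    return buf

def probe(server, name, proto, timeout=3.0):
    """Send one query over 'udp' or 'tcp' port 53 and describe the outcome."""
    query = build_query(name)
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, 53))
            if proto == "udp":
                s.send(query)
                data = s.recv(4096)
            else:  # DNS over TCP prefixes each message with a 2-byte length
                s.sendall(struct.pack(">H", len(query)) + query)
                data = recv_exact(s, struct.unpack(">H", recv_exact(s, 2))[0])
        return "%s/53 ok: rcode=%d answers=%d truncated=%s" % ((proto,) + parse_reply(data))
    except (OSError, ValueError) as exc:  # includes timeouts and refusals
        return "%s/53 failed: %s" % (proto, exc)

if __name__ == "__main__":
    print(*(probe("8.8.8.8", "www.cisco.com", p) for p in ("udp", "tcp")), sep="\n")
```

If both probes time out while ping to the same address succeeds, port 53 traffic from the VPN client is not making the round trip, which is the condition the reply asks about.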