anyconnect with google dns

04-18-2020 11:49 AM
Hi everyone.
If I set the DNS value 8.8.8.8 in the group policy, a DNS query goes to the tunnel.
I hope that the DNS query goes to the internet directly.
But I don't know how to do it.
Thank you in advance.
Best regards
04-18-2020 11:59 AM - edited 04-18-2020 12:00 PM
If you set up a DNS entry of 8.8.8.8 in the group-policy, then when you connect from the end client (using AnyConnect), once AnyConnect is authenticated it will download the routing table as defined in split-tunnel and also download the DNS entry IP address. Therefore, in your case the request will come to the ASA inside the tunnel (AnyConnect).
Now if you want to test this. here
To capture tunnel interface traffic you have to run the following commands in cmd on the Windows system. The cmd should be opened with administrator privileges.
net stop npf
net start npf
Now, doing a Wireshark capture, you can see if your DNS request is going into the AnyConnect tunnel to your firewall.
