ASA 55xx no Internet Access when VPN from inside the LAN, DNS issue

yev.gen
Level 1

Hello,

Couldn't locate similar posts in support forum so creating new discussion...

ASA 5510 SSL VPN with AnyConnect - all seems to be good with only one issue:

- clients can't browse Internet when VPN connected from within the Office LAN itself.

So clients connect from LAN to the same LAN via VPN. Let's say for testing purposes.

LAN access then goes via the tunnel and works well.

Internet access - no go. No DNS resolution for domains other than those mentioned in split-dns, as:

- Internet host resolving is directed not to be tunneled;

- So the DNS server from the LAN interface is chosen for resolving and the DNS query is sent to it;

- As this DNS server resides on the LAN the DNS query should be tunneled, right?

- ... what happens next?

DNS server can ping the VPN connected client and client can ping back to DNS server so sending-answering a DNS query shouldn't be an issue?

VPN connected client can ping Internet hosts.

What might be the problem here? NAT? Firewalling? I can't see any trace of DNS queries in the ASA monitoring (Realtime Log Viewer)...

Thanks in advance for all the answers,

Yev

1 Reply

Jouni Forss
VIP Alumni

Hi,

Why are you using the VPN Client in your internal network? What's the idea behind that?

Without seeing actual configurations I am not sure I understand the whole setup.

- Jouni
