10-11-2012 12:34 AM - edited 02-21-2020 06:23 PM
Hi,
I have configured IPsec dial-up VPN on my ASA. I have an intranet website which is publicly registered, and I have internal DNS XXXX XXXX. My ASA version is 7.2(4) and split tunneling is enabled.
The problem is that when my dial-up users use a dongle to connect to the VPN, they are connected and become part of the network, but if they access this INTRANET WEBSITE (e.g. www.intranet,.com), it goes and resolves DNS on the INTERNET but does not resolve DNS on my local DNS servers, and I want them to resolve DNS on my local DNS servers.
I have the option of removing SPLIT TUNNEL but I don't want to do that. Can somebody please help me out?
10-11-2012 02:41 AM
Hello Yogesh,
You can specify your DNS IP addresses inside the group policy which you are using for the remote access tunnel group:
group-policy
dns-server value
Hope this helps
Harish.
10-11-2012 03:47 AM
Hi Harish,
Thanks for your reply. I have already configured this setting, but the problem is that if I connect to the VPN via my home PC I am able to ping and get the server, but if I use any dongle like idea, tata it uses the tata, idea DNS servers rather than my internal DNS, and I also cannot ping the servers via the dongle.
10-11-2012 04:57 AM
Hello Yogesh,
This looks like an issue with the dongle and cannot be controlled from the VPN server end. However, there is a workaround.
Connect the VPN client to the headend VPN server, then go to the adapter settings of the VPN client. Right-click and open Properties, then select TCP for IPv4.
Click Advanced, then click the DNS tab and change the append DNS to the second one. Make your company DNS server first in the order.
regards
Hope this helps
Harish
10-11-2012 05:39 AM
Hi Harish,
I will check the same and reply
10-11-2012 06:41 AM
Following should fix your issue
Let's assume that the domain name for your website is abc.com, RAVPN is the group policy you are using, and your internal DNS server's address is 192.168.1.100.
group-policy RAVPN internal
group-policy RAVPN attributes
vpn-idle-timeout 30
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ravpn-acl
default-domain value abc.com
! Only these domains are resolved using the internal DNS server (192.168.1.100). All other domains will be resolved using the ISP's DNS server
split-dns value abc.com www.abc.com
! Internal DNS server's IP
dns-server value 192.168.1.100
address-pools value IPPOOL
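As an added illustration that is not part of the thread or Cisco's code: a Python sketch that parses the group-policy shown above and reports which host names a split-tunnel client would send to the internal DNS server and which would go to the ISP's resolver. Suffix matching of `split-dns` entries, the function names and the host names passed in are assumptions made for the example.

```python
# Constructed sample: the RAVPN group-policy from the post above.
SAMPLE_CONFIG = """\
group-policy RAVPN internal
group-policy RAVPN attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ravpn-acl
 default-domain value abc.com
 split-dns value abc.com www.abc.com
 dns-server value 192.168.1.100
 address-pools value IPPOOL
"""

def parse_group_policy(config, name):
    """Collect attributes listed under 'group-policy <name> attributes'.
    Assumes the input contains only group-policy sections."""
    attrs, inside = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # skip blanks and comments
            continue
        if line.startswith("group-policy "):
            inside = line.split() == ["group-policy", name, "attributes"]
            continue
        if inside:
            key, *rest = line.split()
            # 'key value a b' -> [a, b]; 'key x' -> [x]
            attrs[key] = rest[1:] if rest[:1] == ["value"] else rest
    return attrs

def resolver_for(hostname, attrs):
    """'internal' if the name falls under a split-dns domain, else 'isp'.
    Assumption: entries match the domain itself and any name below it."""
    host = hostname.lower().rstrip(".")
    for dom in attrs.get("split-dns", []):
        dom = dom.lower().rstrip(".")
        if host == dom or host.endswith("." + dom):
            return "internal"
    return "isp"

def leaked_names(internal_hosts, attrs):
    """Internal host names whose queries would reach the ISP resolver."""
    if attrs.get("split-tunnel-policy") == ["tunnelall"]:
        return []  # no split tunnel: all traffic, DNS included, uses the tunnel
    return [h for h in internal_hosts if resolver_for(h, attrs) == "isp"]

if __name__ == "__main__":
    policy = parse_group_policy(SAMPLE_CONFIG, "RAVPN")
    print("DNS server pushed to clients:", policy.get("dns-server"))
    # wiki.corp.example is a constructed internal name missing from split-dns
    print("Would leak:", leaked_names(["www.abc.com", "wiki.corp.example"], policy))
```

Any internal zone the function reports as leaking needs its own entry on the `split-dns value` line, otherwise clients will ask the ISP's resolver for it.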
10-11-2012 10:31 PM
Hi Rohan,
Thanks for your reply, but my prime concern is that if I use a desktop and connect to Remote Access IPsec it works fine: I am able to ping the internal network and I am able to resolve DNS via my internal DNS, e.g. abc.com (which is published outside).
But what happens is that if I connect a DONGLE (idea, tata etc.) I am not able to ping the internal network and internal DNS servers, and everything goes via my DONGLE DNS servers, e.g. 1.1.1.1, 2.2.2.2
10-12-2012 03:00 AM
Hi Rohan,
As suggested by you, I have put the entry abc.com, but after putting the entry I am not able to resolve the URL name either locally or globally.
10-12-2012 04:15 AM
Hi Rohan,
Thanks very much buddy, after adding the domain it started working via internal DNS. I only need to add domains to it. IF POSSIBLE PLEASE REPLY HOW MANY DOMAINS I CAN ADD IN IT
10-12-2012 09:40 AM
You can add as many as you want, just add them one after the other, separated by spaces