I have configured IPsec dial up VPN on my ASA,i have intrnaet website which is publicly registered,i have internal DNS XXXX XXXX.My ASA ver is 7.2(4) and split tunneling is enabled
the problem is when my dial up users use dongle to connect to VPN they are connected and become part of Network but if thet accesstihs INTERANET WEBSITE(e.g. www.intranet,.com) it goes ad resolves DNS on INTERNET but it does not resolve the DNS on my Local DNS servers and i want them to resolve DNS on my Local DNS servers.
I have option of removing SPLIT TUNNEL but i dnt want to do that can somebody please help me out
Solved! Go to Solution.
You can specify the your DNS IP addresses inside the group policy which you are using for remote access tunnel group
Hope this helps
Thanks for you reply, i have already configured this setting but problem is if i connect to VPN via my home PC i am able to ping and get the server but if i use any dongle like idea,tata it uses the tata,idea DNS servers rather than my internal DNS and i can not ping also the servers via dongle
This looks like an issue with the dongle and can not be controlled from VPN server end, However, There is a workaround
Connect the VPN client to the headend VPN server then go the adapter setting of the vpn client. right click and take properties, the take tcp for ipv4 .
Click advance, then click the DNS tab and change the append dns to the second one. Make your company dns server as first in the order. .
Hope this helps
Following should fix your issue
Let's assume that the domain name for your website is
and RAVPN is the group policy you are using and your internal dns server's address is 192.168.1.100
group-policy RAVPN internal
group-policy RAVPN attributes
split-tunnel-network-list value ravpn-acl
default-domain value abc.com
split-dns value abc.com www.abc.com ------> resolution of only this domain will be using internal DNS server (192.168.1.100). All other domains will be resolved using ISP's DNS server
dns-server value 192.168.1.100-----> Internal dns server's ip
address-pools value IPPOOL
Thanks for your reply,but my prime concern is that i if i use desktop and connect to Remote Access Ipsec it work fine i am able to ping internal nework and i am able to resolve DNS via my internal DNS for e.g abc.com(which is published outside)
But what happens is if i connect DONGLE(idea,tata etc) i am not able to ping internal network and internal DNS servers and everything goes via my DONGLE DNS servers e.g 188.8.131.52, 184.108.40.206
As suggested by you i have put the entry abc.com but after putting the entry i am not able to resolve the URL name either by Locallly or Globally.
Thanks very much buddy after adding the domian it started working via internal DNS,only i need to add domains on it,IF POSSIBLE PLZZ REPLY HOW MANY DOMAINS I CAN ADD IN IT