Re: DNS Issues Cisco Anyconnect Version 4.3

issmoussa1 · ‎05-26-2018

Hi All,

When connect via Remote Access to my corporate network, My Cisco Anyconnect Client is unable to resolve internal server name. My ipconfig /all doesn't show any line that have with my dns server value.

thanks in advance for your response

Karsten Iwen · ‎05-26-2018

That has to be done by the administrator of the VPN-gateway. He can configure the VPN to send the right DNS-server to the client.

issmoussa1 · ‎05-26-2018

Thank you for the reply. Im the Administrator of the VPN, In my group-policy the dns server part is configured to point to the right DNS IPs.

It seems that my anyconnect received all the parameters ( pool ip, banner word) but no dns value.

Karsten Iwen · ‎05-26-2018

I'm not aware of any related bug, but you could first upgrade to the latest 4.6 AnyConnect and test with that.

The ASA is very flexible in the way how group-policies are applied. First check if you really get the right policy. While connected look at the output of "show vpn-sessiondb detail anyconnect" if you get the group-policy that you expect.

issmoussa1 · ‎05-28-2018

Thank you for your reply!

in the output of the show vpn-sessiondb detail anyconnect, my anyconnect receive the right group-Policy. I will try to install the latest version of anyconnect and do an update of this post

issmoussa1 · ‎05-28-2018

Hello,

Now using Anyconnect 4.6 but always the same issue.

On the ASA, I'm using external group-Policy that are configured on ISE with the following value :

* DACL = MY_DACL
   * Class = MY_GROUP_POLICY
   * CVPN3000/ASA/PIX7x-Primary-DNS = X.X.X.X
   * CVPN3000/ASA/PIX7x-IPSec-Split-DNS-Names = www.local
   * CVPN3000/ASA/PIX7x-IPSec-Split-Tunneling-Policy = 1
   * CVPN3000/ASA/PIX7x-IPSec-Split-Tunnel-List = SPLT_TUNNEL_ACL
   * CVPN3000/ASA/PIX7x-Address-Pools = MY_VPN_POOL
   * CVPN3000/ASA/PIX7x-Tunneling-Protocols = 100