Hi Philips,

gaojun · ‎04-12-2017

Hi All,

OS: Windows 7, 8, 10
VPN client: Cisco AnyConnect

By default, the DNS servers configured on VPN interface have higher priority than LAN interface. Is there any way to swap the order? In the Control Panel - Network and Internet - Network Connections - Advance - Advanced Settings - Adapters and Bindings, it seems somehow the order is not able to be changed (it will be rolled back even if changed). Also, in the registry, I could see the VPN adapter is originally in the bottom, but the DNS configured on VPN interface actually has the highest priority as per my testing (nslookup) & analysis (sniffing).

Philip D'Ath · ‎04-14-2017

That is exactly what you want. You only want the AnyConnect configured DNS servers to be used when the VPN is up. When the VPN is down the configured settings will not be used.

gaojun · ‎04-14-2017

This is not I want. Spilt tunneling is enabled. I'd like the DNS server configured on LAN interface to be used.

Philip D'Ath · ‎04-14-2017

Then don't configure the VPN head end to push out DNS settings and the LAN configuration will be used.

gaojun · ‎04-16-2017

Hi Philips,

Thanks very much for your reply again. However, we cannot request our partner - the VPN gateway owner/administrator to remove pushing DNS settings. The reason is, our VPN client users sometimes work in the office (prefer local enterprise DNS), sometimes work at home (prefer remote partner DNS). Do you see any way to adjust the DNS priority on local enterprise computers?

Thanks!

Philip D'Ath · ‎04-17-2017

Well that is the issue. The administrator of the VPN head end sets the policy for connecting to their network. You are having trouble because you are trying to find a way to violate that policy. As long as you are trying to work against their policy you will have issues.