
DNS resolve issue over remote SSL VPN with split tunnel

Ravi Raj
Level 1

We have an SSL remote VPN and an IPsec L2L VPN to our client: the internal network is on 10.0.10.x, the remote VPN is on 10.0.11.x, and the remote site's internal network is a 192.168.x.x subnet. Our users connect from home over the remote VPN to reach the L2L VPN.

For the last few days we have observed a DNS resolve issue, i.e. remote VPN users are unable to access L2L resources.

object-group network NETWORK1
network-object object 10.0.10.0
network-object object 10.0.11.0

object-group network NETWORK_2
 network-object 10.0.10.0 255.255.255.0
 network-object object 10.0.11.0


object-group network NETWORK6
network-object object 192.168.94.0


object-group network NETWORK6R
network-object object 192.168.93.0

object-group network NETWORK4
network-object object 192.168.94.0
network-object object 192.168.93.0

++++++++++++++++++++++++++++++++++++++++++++++++++++++++

nat (inside,outside) source static 10.0.11.0 10.0.11.0 destination static DM_INLINE_NETWORK_6 DM_INLINE_NETWORK_6
nat (any,any) source static NETWORK1 NETWORK1 destination static NETWORK6R NETWORK6R
nat (any,any) source static 10.0.10.0 10.0.10.0 destination static NETWORK6 NETWORK6
nat (any,any) source static 10.0.11.0 10.0.11.0 destination static 10.0.10.0 10.0.10.0
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.0.11.0_24 NETWORK_OBJ_10.0.11.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.11.192_26 NETWORK_OBJ_192.168.11.192_26 no-proxy-arp route-lookup
 
object network INT_NW
 nat (any,outside) dynamic interface

++++++++++++++++++++++++++++++++++++++++++++++++++++++++

access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_3 object 10.0.11.0 object-group NETWORK4  
access-list inside_access_in extended permit icmp any any  
access-list inside_access_in extended permit ip any any  
access-list outside_cryptomap extended permit ip object-group NETWORK_1 object-group NETWORK6
access-list outside_access_in extended permit ip object 10.0.11.0 any  
access-list outside_access_in extended permit icmp any any  
access-list outside_access_in extended permit icmp any any time-exceeded  
access-list outside_access_in extended permit ip object 10.0.10.0 any  
access-list NETWORK6 standard permit 192.168.94.0 255.255.0.0  
access-list NETWORK6 standard permit 192.168.93.0 255.255.0.0  
access-list NETWORK6 standard permit host 10.0.10.0  
access-list S2S_TUNNEL2 extended permit object-group NETWORK1 object-group NETWORK1 object-group NETWORK4

1 Reply

Ravi Raj
Level 1

The issue got resolved by enabling ARP proxy in the NAT rules from ASDM.
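
One way to see which manual NAT rules in the posted configuration have proxy ARP switched off (the `no-proxy-arp` keyword), as an added example that is not part of the original thread. The NAT lines are copied from the question; the function names are hypothetical, and the thread does not say which rule was actually changed.

```python
import re

# NAT statements copied from the configuration posted in the question.
POSTED_CONFIG = """\
nat (inside,outside) source static 10.0.11.0 10.0.11.0 destination static DM_INLINE_NETWORK_6 DM_INLINE_NETWORK_6
nat (any,any) source static NETWORK1 NETWORK1 destination static NETWORK6R NETWORK6R
nat (any,any) source static 10.0.10.0 10.0.10.0 destination static NETWORK6 NETWORK6
nat (any,any) source static 10.0.11.0 10.0.11.0 destination static 10.0.10.0 10.0.10.0
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.0.11.0_24 NETWORK_OBJ_10.0.11.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.11.192_26 NETWORK_OBJ_192.168.11.192_26 no-proxy-arp route-lookup
object network INT_NW
 nat (any,outside) dynamic interface
"""

# Manual (twice) NAT: "nat (real_if,mapped_if) source static|dynamic ..."
MANUAL_NAT = re.compile(
    r"^nat \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) "
    r"source (?P<kind>static|dynamic) (?P<src_real>\S+) (?P<src_mapped>\S+)"
    r"(?: destination static (?P<dst_real>\S+) (?P<dst_mapped>\S+))?"
    r"(?P<options>.*)$"
)

def parse_manual_nat(config):
    """Return one dict per manual NAT line; object NAT lines are skipped."""
    rules = []
    for line in config.splitlines():
        m = MANUAL_NAT.match(line)
        if m is None:
            continue
        rule = m.groupdict()
        options = rule.pop("options").split()
        # Proxy ARP is on unless the rule carries the no-proxy-arp keyword.
        rule["proxy_arp"] = "no-proxy-arp" not in options
        rule["route_lookup"] = "route-lookup" in options
        rules.append(rule)
    return rules

def proxy_arp_disabled(rules):
    """Rules whose proxy ARP is switched off, i.e. candidates to review."""
    return [r for r in rules if not r["proxy_arp"]]

if __name__ == "__main__":
    for r in proxy_arp_disabled(parse_manual_nat(POSTED_CONFIG)):
        print(f"({r['real_if']},{r['mapped_if']}) -> {r['dst_real']}: proxy ARP disabled")
```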