DNS responses simply ignored by the OS with active AnyConnect tunnel

tneumayer
Level 1

Hi there,

I encountered a really weird problem and even after a week I am nowhere near solving it.

I am connecting with AnyConnect 4.0.00061 on Windows 8.1/10 (tried both) to our ASA5520.

The machine passes its certificate and the tunnel is established, the routing tables are updated and the interface is configured just as it should be. No splitting, just put everything through the tunnel.

Trying to ping servers on our network, RDP to them, CIFS, ... everything is fine and dandy, as long as I'm using IPs, that is.

Even starting nslookup sets the first DNS server, which was configured in the group policy, and it resolves fine.

And now here's the part where I'm baffled to no end: Windows itself doesn't accept the DNS replies it gets for resolving names.

I even wiresharked it on the AnyConnect interface. I do a "ping dc1", and it tells me it couldn't find such a host. Wireshark however shows the requests for all the domains on the search list to both of the group-policy'd DNS servers. And they reply back with the correct answer. It's just that the Windows resolver doesn't accept it.

Same goes for opening UNC paths, PuTTY, any application really.

I searched through the AnyConnect profile, group policy settings, connection profile settings... the only thing I toggled was "send all DNS traffic through tunnel" on the ASA, with no effect.

Maybe someone sees a correlation or has a gotcha I don't know about. I'd highly appreciate every bit of help.

Kind regards,

Thomas