Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1095
Views
0
Helpful
3
Replies

firepower 1140 anyconnect and FQDN

Go to solution
kapydan88
Level 4
Level 4

‎04-03-2020 02:49 AM

Hello for everybody.

 

I don't know how to formulate the question correctly...

We have anyconnect on firepower 1140. Users can connect without problems, all resources are available by ip, but when connecting/ping internal resources by name - not completely.

 

For example, if i try to ping server by ip - its ok.

If i try to ping by name without domain - not work.

If i try to ping by name with domain - its ok.

 

C:\Users\Nikita>ping 10.10.10.20

Pinging 10.10.10.20 with 32 bytes of data:
Reply from 10.10.10.20: bytes=32 time=30ms TTL=56
Reply from 10.10.10.20: bytes=32 time=32ms TTL=56

Ping statistics for 10.10.10.20:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 32ms, Average = 31ms

C:\Users\Nikita>ping srv01
Ping request could not find host srv01. Please check the name and try again.

 

C:\Users\Nikita>ping srv01.test.ru

Pinging 10.10.10.20 with 32 bytes of data:
Reply from 10.10.10.20: bytes=32 time=30ms TTL=56
Reply from 10.10.10.20: bytes=32 time=32ms TTL=56

 

Is it possible to fix this problem, so that users connected via anyconnect can ping and have access to resources, without specifying the full name with the domain.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎04-03-2020 03:54 AM

Hi,

Configure the "default-domain" command under the group-policy. E.g:-

 

group-policy GP-1 attributes
 default-domain value lab.local

This will allow you to resolve the hostname without appending the domain name.

 

HTH

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎04-03-2020 03:54 AM

Hi,

Configure the "default-domain" command under the group-policy. E.g:-

 

group-policy GP-1 attributes
 default-domain value lab.local

This will allow you to resolve the hostname without appending the domain name.

 

HTH

0 Helpful

Go to solution
kapydan88
Level 4
Level 4
In response to Rob Ingram

‎04-03-2020 04:13 AM - edited ‎04-03-2020 04:20 AM

How can i do this via FMC? 

Сan I add this part of the config as it is or "warm"? Will this affect users who are already connected?

 

dd.PNG

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to kapydan88

‎04-03-2020 04:15 AM - edited ‎04-03-2020 04:24 AM

Sorry, yes that's correct.

 

Yes you can make the change whilst users are connected, but the users will need to disconnect and reconnect for the setting to be applied to their session.

0 Helpful
Customers Also Viewed These Support Documents