
Force DNS server to VPN Client

sophiaconseil
Level 1

Hello everybody,

I'm having a bit of a problem with my VPN clients and I'm looking for some help. I don't think it's too hard but I can't seem to find the information I need anywhere.

I use an ASA 5510 as a VPN server for my VPN clients who use the Cisco VPN client software to get access to the local network. Most of the time, it works perfectly fine and they are able to connect to their mail account directly with Outlook messenger using a local DNS name that points to the local IP address, but for some reason, sometimes it tries to connect to the server using the public IP address. So what I do is add a line in the "hosts" file located in "C:\Windows\System32\drivers\etc" to tell the computer what IP address to use for the domain name. But I would like to find a way, when using the VPN client, to make the client use only the local DNS servers and not the public ones.

Has anyone any idea on how I should configure my ASA 5510 in order to make it all work out the way I need?

Thank you in advance for the help you will provide me with.

2 Replies

mvsheik123
Level 7

Hi,

If I understand your query correctly, having the VPN users receive your internal DNS server IPs when connected should resolve this.

group-policy attributes  --> VPN users policy.

dns-server value DNS1 DNS2

This way user requests will hit your internal DNS, and that DNS resolves to the internal IP. Downside: user internet browsing requests also hit your internal DNS servers (not really a downside, but wanted to mention ;-)).

hth

MS

Thank you very much for your quick answer. It's funny though, because I just found the answer I was looking for by myself, the same way you gave me, except I used the command split-dns instead of dns-server, and it seems to work. Once again, thank you.
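
An added example, not part of the thread and not Cisco code: a small Python check that reads `show running-config group-policy` output and reports, for each group policy, whether `dns-server` and `split-dns` values are set, which is the difference between the two approaches discussed above. The policy names, addresses and domain in the sample are constructed, and a policy with no `dns-server` line may still inherit one from the default group policy.

```python
import re

# Constructed sample of `show running-config group-policy` output (not from the thread).
SAMPLE_CONFIG = """\
group-policy VPN_FULL internal
group-policy VPN_FULL attributes
 dns-server value 10.0.0.10 10.0.0.11
 split-tunnel-policy tunnelall
group-policy VPN_SPLIT internal
group-policy VPN_SPLIT attributes
 dns-server value 10.0.0.10
 split-tunnel-policy tunnelspecified
 split-dns value corp.example.com
group-policy VPN_NODNS internal
group-policy VPN_NODNS attributes
 split-tunnel-policy tunnelspecified
"""

HEADER = re.compile(r"^group-policy (\S+) attributes\s*$")

def parse_group_policies(config):
    """Map each group-policy name to its dns-server and split-dns values."""
    policies, current = {}, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = policies.setdefault(m.group(1), {"dns-server": [], "split-dns": []})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the attributes block
        elif current is not None:
            words = line.split()
            # Only "<keyword> value ..." lines carry addresses or domains.
            if len(words) >= 3 and words[0] in current and words[1] == "value":
                current[words[0]].extend(words[2:])
    return policies

def audit(config):
    """Return one finding per policy describing its DNS settings."""
    findings = {}
    for name, p in parse_group_policies(config).items():
        if not p["dns-server"]:
            findings[name] = "no dns-server value set in this policy"
        elif p["split-dns"]:
            findings[name] = "dns-server with split-dns: internal DNS for " + ", ".join(p["split-dns"])
        else:
            findings[name] = "dns-server without split-dns: internal DNS pushed for all names"
    return findings

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in audit(SAMPLE_CONFIG).items()))
```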