Hi, I am unable to get my 891 router connected by EZVPN to an ASA to resolve DNS queries to the corporate DNS server.
It appears that the DNS queries are not being placed into the tunnel, but instead are using the outside address of the routers.
This leads me to believe that the command domain name-server interface vlan1 is not working.
interface GigabitEthernet0
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
crypto ipsec client ezvpn xxxxxASA
interface Vlan1
description Home Network Inside
ip address 172.17.64.1 255.255.255.0
ip tcp adjust-mss 1452
crypto ipsec client ezvpn xxxxxASA inside
ip dns view default
logging
domain name x.y.on.ca
domain name-server 192.1.10.254
domain name-server interface Vlan1
ip dns server
I can see by looking at the crypto map that nothing is being encapsulated as a result of a name query.
It should be going into this crypto map
protected vrf: (none)
local ident (addr/mask/prot/port): (172.17.64.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.1.10.0/255.255.255.0/0/0)
but the count remains as below
#pkts encaps: 25, #pkts encrypt: 25, #pkts digest: 25
#pkts decaps: 25, #pkts decrypt: 25, #pkts verify: 25
with no other counter incrementing.
A ping or telnet from a device on 172.17.64.0 works fine and causes those counters to increment so the tunnel is working.
I can even ping from the router using the source option on the ping command.
Once, in all my attempts to troubleshoot, I got the name query to use the tunnel.
Any help is greatly appreciated.
I even tried
ip domain lookup source-interface Vlan1
but that does not work either.
Code is 15.2(4)M6.
debug ip packet 100 that permits 192.1.10.254 in both directions shows the packet going out from the Gi0 ip address.
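The counters in the post stay flat because a router-originated query sourced from the Gi0 (DHCP) address does not fall inside the SA's local ident (172.17.64.0/24), so the crypto ACL never selects it. The script below is an added illustration of that selection logic, not anything from the post or from Cisco IOS: it parses the local/remote ident lines copied from the poster's `show crypto ipsec sa` output, then classifies constructed `debug ip packet` lines as encrypted or cleartext. The Gi0 address 203.0.113.45 is an assumed placeholder, since the post does not give it.

```python
"""Decide whether a packet would be selected by an IOS crypto ACL (EZVPN SA).

Added illustration for the post above. The ident lines are copied from the
poster's output; the debug lines and the Gi0 address 203.0.113.45 are constructed.
"""
import ipaddress
import re

# From the poster's "show crypto ipsec sa" output.
CRYPTO_SA_TEXT = """\
protected vrf: (none)
local ident (addr/mask/prot/port): (172.17.64.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.1.10.0/255.255.255.0/0/0)
"""

# Constructed "debug ip packet" lines in the usual IOS shape
# ("IP: s=<src> (<in-if>), d=<dst> (<out-if>), len <n>, sending").
DEBUG_LINES = [
    # Router-originated DNS query using the Gi0 DHCP address (assumed) as source.
    "IP: s=203.0.113.45 (local), d=192.1.10.254 (GigabitEthernet0), len 60, sending",
    # Same query sourced from Vlan1, the result "domain name-server interface Vlan1" should give.
    "IP: s=172.17.64.1 (local), d=192.1.10.254 (GigabitEthernet0), len 60, sending",
    # A LAN host behind Vlan1, matching the poster's working ping/telnet case.
    "IP: s=172.17.64.10 (Vlan1), d=192.1.10.254 (GigabitEthernet0), len 100, forward",
]

IDENT_RE = re.compile(
    r"(local|remote)\s+ident.*?\("
    r"(\d+\.\d+\.\d+\.\d+)/(\d+\.\d+\.\d+\.\d+)/(\d+)/(\d+)\)"
)
PKT_RE = re.compile(r"IP: s=(\d+\.\d+\.\d+\.\d+) \([^)]*\), d=(\d+\.\d+\.\d+\.\d+)")


def parse_idents(sa_text):
    """Return {'local': (network, proto, port), 'remote': (...)} from SA output."""
    idents = {}
    for m in IDENT_RE.finditer(sa_text):
        side, addr, mask, proto, port = m.groups()
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        idents[side] = (net, int(proto), int(port))
    if set(idents) != {"local", "remote"}:
        raise ValueError("SA output lacks local/remote ident lines")
    return idents


def selected_for_tunnel(idents, src, dst, proto=17, dport=53):
    """True if src->dst (proto, dport) matches the crypto ACL; 0 means 'any' in an ident."""
    lnet, lproto, _lport = idents["local"]
    rnet, rproto, rport = idents["remote"]
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    proto_ok = lproto in (0, proto) and rproto in (0, proto)
    port_ok = rport in (0, dport)
    return src in lnet and dst in rnet and proto_ok and port_ok


def classify_debug_lines(idents, lines):
    """Return (src, dst, verdict) per debug line; verdict names the failing side."""
    lnet, rnet = idents["local"][0], idents["remote"][0]
    results = []
    for line in lines:
        m = PKT_RE.search(line)
        if not m:
            continue  # not a packet trace line
        src, dst = m.groups()
        if selected_for_tunnel(idents, src, dst):
            verdict = "encrypted"
        elif ipaddress.ip_address(src) not in lnet:
            verdict = "source outside local ident"
        elif ipaddress.ip_address(dst) not in rnet:
            verdict = "destination outside remote ident"
        else:
            verdict = "protocol/port mismatch"
        results.append((src, dst, verdict))
    return results


if __name__ == "__main__":
    sa = parse_idents(CRYPTO_SA_TEXT)
    for src, dst, verdict in classify_debug_lines(sa, DEBUG_LINES):
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

The first debug line reproduces the symptom in the post: the query to 192.1.10.254 leaves in cleartext because its source is the outside address, while the same query sourced from Vlan1, or any packet from a LAN host, is selected for encryption. When checking this on a real router, the thing to confirm is which source address the `debug ip packet` output shows for the query, since that decides whether the crypto ACL can ever match it.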