3077 Views, 5 Helpful, 3 Replies

Local NIC dns does not work after connecting to Anyconnect

rawatrajesh
Level 1

Hello,

I am stuck with a problem with Cisco AnyConnect.

My organisation has a domain (for example, domain.com), and the local NIC is configured with the DNS server IP to resolve host names. Without connecting Cisco AnyConnect, resolution on the LAN works fine and I am able to resolve FQDNs (for example, name1.domain.com).

Now when I connect the Cisco AnyConnect software provided by clients, AnyConnect also provides a DNS server IP in the AnyConnect virtual adapter, and once the VPN is connected it does not resolve the FQDNs on the LAN (for example, name1.domain.com), but resolves all FQDNs behind the VPN network (for example, name2.foreigndomain.com).

On troubleshooting, we checked that the route for the DNS server on the VPN has a higher metric and that all FQDN resolution is happening via the DNS server on the VPN. Since the VPN DNS server would not have information about the DNS server on the LAN (or the FQDNs on the LAN), it does not resolve them.

Note: Here "domain.com" and "foreigndomain.com" are 2 separate institutions.

I was going through some documents and saw split DNS in the VPN config, but I was not sure whether it is the actual solution.

I would like a solution so that, even with Cisco AnyConnect connected, DNS traffic for "foreigndomain.com" is passed over the VPN and all other DNS resolution happens using the local NIC DNS configuration.

Any help would be highly appreciated.

Thank You....

1 Accepted Solution

Accepted Solutions

kvaldelo
Level 1

Hi,

As you mentioned, the right way is to configure split DNS. That way, only the DNS queries matching the FQDN configured on the ASA will be routed over the tunnel to the ASA DNS server configured for the tunnel traffic.

You can have more detailed information in the following document:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116016-technote-AnyConnect-00.html

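The ASA-side configuration the accepted answer describes, written out as an added example (it is not taken from the thread or from the linked technote). The group-policy name, the split-tunnel ACL name, the tunneled network 10.20.0.0/16 and the tunnel DNS server 10.20.1.53 are assumptions chosen for illustration; foreigndomain.com is the domain from the original post.

```cisco
! Added example, not the poster's configuration. Names and addresses are assumptions.
!
! Only the networks behind the VPN are tunneled. The tunnel DNS server (10.20.1.53)
! must be inside this list, otherwise the split-DNS queries have no path to it.
access-list SPLIT_TUNNEL_ACL standard permit 10.20.0.0 255.255.0.0
!
group-policy ANYCONNECT_GP internal
group-policy ANYCONNECT_GP attributes
 ! DNS server handed to the AnyConnect virtual adapter; used only for the split-dns domains
 dns-server value 10.20.1.53
 default-domain value foreigndomain.com
 ! Queries for these domains go over the tunnel; everything else (domain.com included)
 ! stays with the local NIC's DNS configuration
 split-dns value foreigndomain.com
 ! Split DNS only takes effect with split tunneling; with "tunnelall" every query
 ! is forced through the tunnel regardless of split-dns
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL
 ! Default setting, shown explicitly: do not send all DNS through the tunnel
 split-tunnel-all-dns disable
!
tunnel-group ANYCONNECT_TG general-attributes
 default-group-policy ANYCONNECT_GP
```

Two checks are worth doing after the change. On the ASA, `show running-config group-policy ANYCONNECT_GP` should list both the `split-dns value` line and `split-tunnel-policy tunnelspecified`; the combination is what makes the client apply per-domain resolution. On the client, a query for name2.foreigndomain.com should succeed while name1.domain.com still resolves via the LAN server (on Windows, `Resolve-DnsName name1.domain.com` from PowerShell, or `nslookup` on either platform, is enough to confirm which server answered). Note the trust boundary this creates: queries for the split-dns domains leave the LAN and are answered by the peer institution's resolver, while all other lookups remain visible to the local DNS server, so the `split-dns value` list should contain only the domains the remote side legitimately serves.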

3 Replies


Thanks Kvaldelo.

I figured this out as the solution by looking at the support documents yesterday, after posting this question. I implemented it and it is working fine; anyway, thanks for your effort and help.

Hi Rajesh, please help me with the solution. I am facing the same issue. The FlexVPN AnyConnect configuration looks OK on the Cisco IOS XE router that I configured. The connection is successful and I am able to browse the internet, but I am unable to reach the local DNS or any other application servers. Kindly help.