02-10-2010 11:03 AM
Cisco ASA VPN issue can't resolve name from local DNS
If I connect via LAN I can resolve names from the DNS server normally, but when I connect to the VPN via the internet:
Case 1: connect VPN using split tunnel, so internal IPs connect through the tunnel and internet surfing goes via the local internet [can resolve from the DNS of the connected internet]
C:\>nslookup normanxak.local
*** Can't find server name for address 192.168.1.2: Non-existent domain
*** Can't find server name for address 192.168.1.18: Non-existent domain
Default Server: dns1.asianet.co.th
Address: 203.144.207.29
*** dns1.asianet.co.th can't find normanxak.local: Non-existent domain
Case 2: connect VPN without split tunnel
C:\>nslookup
*** Can't find server name for address 192.168.1.2: Non-existent domain
*** Can't find server name for address 192.168.1.18: Non-existent domain
Default Server: dns1.asianet.co.th
Address: 203.144.207.29
> normanxak.local
Server: dns1.asianet.co.th
Address: 203.144.207.29
Name: normanxak.local
Addresses: 192.168.1.18, 192.168.1.17, 192.168.1.2
Thank you for the best support.
02-10-2010 11:51 AM
In the group-policy you have split-dns set up as "split-dns value 192.168.1.2 192.168.1.18". This is incorrect. The values for the split-dns setting should not be IP addresses -- they need to be the internal domain name that you want to resolve over the tunnel. For example, if I wanted my DNS request for myhost.cisco.com to go over the tunnel and everything else (like xxxx.google.com or xxxx.yahoo.com) to use my normal Internet DNS server, in the group policy I would have "split-dns value cisco.com".
-heather
02-10-2010 12:05 PM
Now I have removed "split-dns value 192.168.1.2 192.168.1.18"
but I can't resolve the name, same as before...
group-policy BO2VPN internal
group-policy BO2VPN attributes
dns-server value 192.168.1.2 192.168.1.18
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value BO2VPN_splitTunnelAcl
group-policy BO3VPN internal
group-policy BO3VPN attributes
dns-server value 192.168.1.2 192.168.1.18
vpn-tunnel-protocol IPSec
03-17-2010 08:05 PM
khahodeka wrote:
Now I have removed "split-dns value 192.168.1.2 192.168.1.18"
but I can't resolve the name, same as before...
I don't think he meant for you to remove the statement, but instead replace it with:
"split-dns value domain1.local domain2.local"
03-17-2010 08:11 AM
Hello,
Try setting "asianet.co.th" as the default domain under your VPN policy.
Kim Eriksen
Field Engineer
Infolink ApS
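The split-dns advice given earlier in the thread can be checked mechanically. The following is an added example, not part of the original posts or any Cisco tool: a small Python audit that flags group policies whose split-dns values are IP addresses, and (as an assumption drawn from the thread's advice) split-tunnel policies with no split-dns domain at all. The sample config is constructed from the policies posted above with the original split-dns line restored and ASA-style indentation; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: policies from the thread, original split-dns line restored.
SAMPLE_CONFIG = """\
group-policy BO2VPN internal
group-policy BO2VPN attributes
 dns-server value 192.168.1.2 192.168.1.18
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value BO2VPN_splitTunnelAcl
 split-dns value 192.168.1.2 192.168.1.18
group-policy BO3VPN internal
group-policy BO3VPN attributes
 dns-server value 192.168.1.2 192.168.1.18
 vpn-tunnel-protocol IPSec
"""

def parse_group_policies(config):
    """Map each group-policy name to its indented attribute lines."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"group-policy (\S+) attributes\s*$", line)
        if m:
            current = policies.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the section
    return policies

def is_ip(token):
    try:
        return bool(ipaddress.ip_address(token))
    except ValueError:
        return False

def audit_split_dns(config):
    """Return (policy, finding) tuples for split-dns problems."""
    findings = []
    for name, attrs in parse_group_policies(config).items():
        values = [t for a in attrs if a.startswith("split-dns value ")
                  for t in a.split()[2:]]
        ips = [t for t in values if is_ip(t)]
        if ips:
            findings.append((name, "split-dns holds IP addresses: " + " ".join(ips)))
        if "split-tunnel-policy tunnelspecified" in attrs and len(ips) == len(values):
            findings.append((name, "split tunnel without a split-dns domain"))
    return findings
```

Replacing the flagged line with "split-dns value normanxak.local" (the internal domain queried in the first post) clears both findings for BO2VPN.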
02-20-2014 06:45 AM