Solved: Problem with newest AnyConnect app for iPhone

MikeM-2468 · ‎10-25-2011

I've been using the AnyConnect client for iPhone 2.4.4014 for months with no problem. I upgraded to 2.5.4038 and now when it is connected, it can't resolve any DNS on the private network. iPhone iOS is 4.2.10 and that hasn't changed. The only change in the mix is an upgrade to the AnyConnect client on the iPhone. Connecting to an ASA 5510.

Has anyone else had any issues with this?

bobmccouch · ‎10-30-2011

Thanks for this tip! I was seeing very inconsistent behavior of my mail clients sending mail after a long delay or only successfully polling for incoming mail occasionally. I added our internal domain to the split-dns list for the default GP and it restored the function of the AC mobile client.

You saved me a couple hours of debugging work!

Best Regards, Bob McCouch CCIE #38296 (Routing & Switching) ------------------------------------------- Please note: Any recommendations or advice provided in my posts are made with the best of intentions and are believed to be accurate and correct,

View solution in original post

j-sutterfield · ‎10-25-2011

Bad news, I'm running iOS 5 with AnyConnect 2.5.4038 and not having any issues. Internal DNS resolves for what it's supposed to and external does it's job as well. I do split-tunnel for mobile clients so only private address space is tunneled.

I doubt that helps much but some feedback is better than none I hope.

jeradandrews · ‎10-25-2011

I am also experiencing this issue and am running iOS 5 with AnyConnect 2.5.4038. We do split-tunnel as well. The symptoms I'm seeing are as described by MikeM but in my case, I've discovered that DNS on the private network is actually working, but I must specify the FQDN of any resources I'm trying to access on the private network. It appears that since the update ,the default domain specified in the group policy on the ASA isn't being appended when attempting to access resources via Intranet style names. For example, before the update I could simply type "server" where now I must type "server.abc.xyz" for a resource on the internal domain.

MikeM-2468 · ‎10-26-2011

That's good info. I'm able to ping by FQDN and open some web resources that way. One thing didn't quite work that way though. I'm using Cisco Mobile 8.1. Setting the FQDN for the TFTP server works ok. but it doesn't work for the LDAP server for the Directory.

jeradandrews · ‎10-28-2011

Worked for me too. Thanks for the heads up.

bobmccouch · ‎10-30-2011

Thanks for this tip! I was seeing very inconsistent behavior of my mail clients sending mail after a long delay or only successfully polling for incoming mail occasionally. I added our internal domain to the split-dns list for the default GP and it restored the function of the AC mobile client.

You saved me a couple hours of debugging work!

Best Regards, Bob McCouch CCIE #38296 (Routing & Switching) ------------------------------------------- Please note: Any recommendations or advice provided in my posts are made with the best of intentions and are believed to be accurate and correct,

MikeM-2468 · ‎10-31-2011

The split-dns worked for me.

Jim Lasher · ‎10-28-2011

I had this same exact issue and what fixed it for me was adding the "split-dns value" command in my group policy. In your example, try "split-dns value abc.xyz" and make sure you also have the "default-domain value abc.xyz" for that group policy as well.

Hope it works for you!

Lee Anderson · ‎10-28-2011

Excellent Jim. I just added the split-dns to my defaultpolicy and it starting working again!!!

bobmccouch · ‎10-30-2011

Jim, my reply above was directed to you... I hit Reply on the wrong post. Thanks again!

Best Regards, Bob McCouch CCIE #38296 (Routing & Switching) ------------------------------------------- Please note: Any recommendations or advice provided in my posts are made with the best of intentions and are believed to be accurate and correct,