Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6197
Views
0
Helpful
3
Replies

SSLVPN Multiple Default Domain's

Go to solution
mdfetting
Level 1
Level 1

‎12-13-2010 10:17 AM

This question pertains to SSL VPN running on an ASA5520 using 8.2. I need to be able to support two "default domain" values in my SSL VPN's Internal Group Policy. The "default domain" field in the Servers section of Internal Group Policy only seems to support one domain name entry. I tried to create a second connection profile and group policy with matching values, except that this new policy contains the second domain name. This did not seem to make any difference. What is the right approach to supporting multiple default domains for SSL VPN connections?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rahgovin
Level 4
Level 4

‎12-13-2010 11:15 AM

Unfortunately, we can only have one default-domain value per group-policy. You can use split-dns to put in multiple domains that can be resolved via the internal dns server( per group-policy), but you would need to put in the entire domain-name when you query in case you want to resolve to right one. Only for the default-domain you can use the name alone to resolve.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#splitdns

View solution in original post

0 Helpful
3 Replies 3

Go to solution
rahgovin
Level 4
Level 4

‎12-13-2010 11:15 AM

Unfortunately, we can only have one default-domain value per group-policy. You can use split-dns to put in multiple domains that can be resolved via the internal dns server( per group-policy), but you would need to put in the entire domain-name when you query in case you want to resolve to right one. Only for the default-domain you can use the name alone to resolve.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#splitdns

0 Helpful

Go to solution
mdfetting
Level 1
Level 1
In response to rahgovin

‎12-13-2010 11:43 AM

Thanks, Rahul! Editing the group policy's Split Tunneling DNS Names did solve this issue for me. I was able put them in separated by spaces.

0 Helpful

Go to solution
rahgovin
Level 4
Level 4
In response to mdfetting

‎12-13-2010 11:49 AM

Great Mark this thread as answered if your issue is resolved.

Thanks.

0 Helpful
Customers Also Viewed These Support Documents