Re: VPN Client IP configuration

tahequivoice · ‎03-10-2011

Is there a way to change an individual VPN client users DNS server IP's? We have a customer looking to have one or two users bypass the internal DNS servers, without having to change out the client tunnel and configuration from the ASA itself. I can see where it can be done with Anyconnect as it has a virtual adapter under the windows networking, but I dont see where there is one for the VPN client itself. They use a DNS solution that prevents users from going to non work related sites, which affects all users, including VPN and EZVPN, a few need to bypass this since they are allowed to go anywhere(owners priviledges). We need to come up with a way for it to wrk, or find out why the settings for the users themselves are not working over VPN or EZVPN. The system they use allows for individual accounts to have full DNS, some at specific hours, and others fully restricted, internally those settings are working, but not for either of the two VPN types setup on the ASA.

Federico Coto Fajardo · ‎03-10-2011

Hi,

Let me see if I understand...

Manually setting the DNS on the client computer or configuring another VPN group (to assign a different DNS server to these clients) are not an option?

Federico.

tahequivoice · ‎03-10-2011

The second VPN group is an option for the remote clients, but not for the EZVPN. The EZVPN users must be able to use the OpenDNS servers during the day, but not at night, and switching back and forth would be a pain, especially for those users who are not PC savvy. I am getting more details regarding the issue to find out just what is not working. They want to keep all users on the same client group, which is why I was asking if there is a way to change DNS on the client side.