VPN Client uses the wrong DNS

gbruna
Level 1

Hello,

I have a strange problem with users connecting to our company via Cisco VPN Client software.

The VPN gateway is a Pix 515E running v 7.2-4

The number of concurrent users is around 100.

The problem I face is this:

Some users connect correctly to the VPN, but then they do not use our internal DNS; they still use the ISP DNS server, hence they cannot resolve any name within our organization.

This happens only on some PCs and I cannot find the reason.

Does anybody have an idea on where the problem is?

Thanks in advance and regards

Giovanni

4 Replies

apothula
Level 1

Hi Giovanni,

Are you using split DNS?

Cheers,


Nash.

No, I'm not using split-dns. This is the setting I have:

group-policy marelli attributes
 wins-server value 139.128.15.72
 dns-server value 139.128.15.72 139.128.15.71
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value marelli_splitTunnelAcl
 default-domain value marelli.it

I also tried with split-dns, but with no success...

Thanks

Giovanni

Hi Giovanni,

How did you configure split DNS?

Could you provide us with that chunk of the configuration?

Cheers,

Nash.

Hi,

I set up a test group using split-dns and these are the settings:

group-policy test internal
group-policy test attributes
 wins-server value 139.128.15.71
 dns-server value 139.128.15.71
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value marelli_splitTunnelAcl
 split-dns value local it com de fr net uk gov

But from my PC, which works fine with VPN Client with no split-dns, I have this problem:

nslookup for every domain included in the split-dns is resolved correctly, while if the domain is not included in the split-dns value it is NOT resolved.

See the example:

VPN Client using the split-dns configured as above:

C:\Documents and Settings\gb>nslookup
Default Server:  itven1adc1.mmemea.marelliad.net
Address:  139.128.15.71

> www.google.com
Server:  itven1adc1.mmemea.marelliad.net
Address:  139.128.15.71

DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
Name:    www.l.google.com
Addresses:  209.85.149.106, 209.85.149.147, 209.85.149.99, 209.85.149.103
          209.85.149.104, 209.85.149.105
Aliases:  www.google.com

> www.google.es            ****  lookup for a domain (es) which is not included in the split-dns  ****
Server:  itven1adc1.mmemea.marelliad.net
Address:  139.128.15.71

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to itven1adc1.mmemea.marelliad.net timed-out

Thanks and Regards

Giovanni