vpn issue

kp-tkr2014 (Level 1)

Hi,

We are using Cisco ASA 9.x code and the configuration below.

We are using two DNS servers, one for internal URL resolution and one for external DNS resolution:

internal: test.local, external: test.com

The problem: remote users using AnyConnect cannot resolve DNS.

group-policy Test internal
group-policy Test attributes
wins-server none
dns-server value 192.168.100.1
vpn-tunnel-protocol ikev1 ssl-client

split-tunnel-policy tunnelspecified
split-tunnel-network-list value testsplitacl
default-domain value test.local
address-pools value test

Thanks

31 Replies

Hi,

Thank you for the reply. What is meant by "Tunnel-all configuration (and split-tunneling with tunnel-all DNS enabled)" in the link you provided, under the section

DNS with Split Tunneling on Different OSs

Tunnel-all means there is no split tunnel, all traffic goes through the tunnel, so what is meant by "Tunnel-all configuration (and split-tunneling with tunnel-all DNS enabled)"? How is that possible with tunnel-all and split tunnel together?

And what is

split-tunnel-all-dns disable

Thanks

Here you go, this will help you understand the question you asked here.

please do not forget to rate.

Hi,

Read the document carefully, it is simple to understand. You have the following options:

- use split-dns, establish the AnyConnect session, launch nslookup, query internal domains and external domains, and see whether resolution performs as expected (internal DNS queries for the configured domains go through the tunnel, everything else goes through the physical interface)

- don't use split-dns, leave it at the default, and do the same tests

Regards,

Cristian Matei.
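The options discussed in this thread (split-DNS, split tunnelling with tunnel-all DNS, and a plain tunnel-all policy), written out against the original group-policy "Test" as an added example; this is not configuration from the original post. The domain names, the DNS server 192.168.100.1 and the ACL name come from the question; the ACL contents (192.168.0.0/16 as the internal network) are an assumption and must be adjusted to the real internal ranges.

```cisco
! Added example, not from the original post. The internal range
! 192.168.0.0/16 is assumed; the rest is taken from the question.
! The VPN DNS server (192.168.100.1) must be covered by this ACL,
! otherwise DNS queries for the split domains never enter the tunnel.
access-list testsplitacl standard permit 192.168.0.0 255.255.0.0

! Option 1: split tunnelling with split-DNS. Only queries for the
! domains listed under split-dns go through the tunnel to 192.168.100.1;
! every other query leaves the physical interface and uses the
! client's local resolver.
group-policy Test attributes
 dns-server value 192.168.100.1
 default-domain value test.local
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value testsplitacl
 split-dns value test.local test.com
 split-tunnel-all-dns disable

! Option 2: split tunnelling with tunnel-all DNS ("split-tunneling with
! tunnel-all DNS enabled" in the linked document). No split-dns list;
! every DNS query is sent through the tunnel to 192.168.100.1, while
! non-DNS traffic is still split according to the ACL.
group-policy Test attributes
 split-dns none
 split-tunnel-all-dns enable

! Option 3: tunnel-all. All traffic, DNS included, goes through the VPN,
! so the split-dns and split-tunnel-all-dns settings are irrelevant here.
group-policy Test attributes
 split-tunnel-policy tunnelall
```

With option 1 the check from the reply above is the useful one: after connecting, run nslookup for a test.local and a test.com name and for an Internet name, and confirm on the client (or in a capture on the AnyConnect adapter) that the first two are answered by 192.168.100.1 and the third by the local resolver. With option 2, every query should reach 192.168.100.1, so that server has to be able to resolve public names as well.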

Hi,

I tested with split DNS and without split DNS,

but it does not work. I think nslookup behaves in a different way.

Thanks

Hi,

For me it worked each time I needed it; it was just a matter of running 2-3 versions of AnyConnect. With each of the mentioned options, which DNS query does not go where you want it, inside or outside the tunnel, and for which domains, your own or Internet? Does all your DNS traffic go inside the tunnel, or outside the tunnel?

Regards,

Cristian Matei.

Hi,

I removed split-dns;

then my a.test.com resolved (a.test.com has both a private and a public IP address); this worked.

Then my b.test.com did not resolve (b.test.com has only a private IP, it does not have a public IP).

This b.test.com can only be resolved using our locally hosted DNS server (192.168.1.1).

Added split-dns: all test.com (private and public) not resolving.

Is it possible to see the DNS traffic in Wireshark?

Yes, if you connect with the AnyConnect module on your laptop and capture the traffic, yes.

please do not forget to rate.

Hi,

And how exactly do you expect b.test.com to be resolved through the VPN tunnel via the DNS server 192.168.1.1, if you have 192.168.100.1 configured as your DNS server in the group-policy for VPN?

Regards,

Cristian Matei.

Hi,

Sorry, it was a typo; the DNS server is 192.168.100.1.

Thanks

Hi,

You've lost me. Anyway, make sure that the DNS server configured for VPN users can resolve everything, and this way you get an easy fix.

Regards,
Cristian Matei.

Upload your firewall configuration.

please do not forget to rate.

Hi,
Can you suggest a stable version?
Thanks

Yes, AnyConnect version 4.8 and ASA 9.8.4 or 9.13.

please do not forget to rate.

Hi,
I am using 9.2.
Thanks

9.2 is fine, upgrade the AnyConnect.

please do not forget to rate.