Changed DNS on our Windows Network but when I VPN in I still get the old DNS

Posted on 2006-05-20
Last Modified: 2010-04-12
We have a PIX firewall and Cisco VPN 3000 concentrator.  We use Internet Authentication Service on an Internal Windows Server.  DHCP addresses are provided by the Cisco 3000.
I changed the Domain Controller on our Network and everything works fine within our firewall.  However when I VPN to that network I'm forced to authenticate to connect to our Exchange Server and Network Drives.   I ran ipconfig on my remote computer and noticed that the DNS was still pointing the old Domain Controller which has been demoted.  I connected to our 3000 and found the old DNS and WINS ip addresses under User Management.  I changed the setting to the correct address, saved the settings and rebooted the 3000.  I also verified that the DNS server under system setting was set correctly.  However when I connect again the WINS address is correct but the old DNS is still being given out.  The host file on the remote PC is empty.  I can change the DNS setting on the Virtual adapter once I'm connected and I have no problem.  Of course once I disconnect and reconnect the Virtual adapter picks up the old DNS setting.  Could there be a setting on our PIX that is controlling this?  Any ideas?  
Question by:lwrogers
    LVL 10

    Accepted Solution

    I am not sure on the 3000 but on the PIX, use the following example command to reassign the VPN clients new DNS server addresses:
    vpngroup yourgroupname dns-server

    Author Comment

    I found the problem!  In the Cisco 3000 there is a base group and then specific groups that can be created.  Each specific group can have it's own dns settings which may or may not be inherited from the base group.  In my case it was setup to inherit the second dns and wins setting from the base group but not the primary dns.  So the primary dns was incorrect on the specific group.  Once corrected dns is now assigned correctly on incoming VPN sessions.  Case Closed!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
    I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now