Solved

ASA & Router VPN (DNS Issues)

Posted on 2008-09-30
6
383 Views
Last Modified: 2012-05-05
Hello All,

Back again&

Ok I have a L2L vpn going between an ASA5505 and a Cisco 851W router. I am having problems with the DNS (split DNS?).  Note: the 851 is the DHCP server.

When going to the internet I would like the clients to use the ISP DNS servers, when access domain names that exist over the VPN I will need the client to use the DNS behind the ASA.

Any help? Thanks!!
0
Comment
Question by:dehmerl
  • 4
  • 2
6 Comments
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22608799
You need an Internal DNS server for everything. Just setup your internal DNS server to "forward" requests to the internet. The ISP's DNS servers when configured in your DNS server should be setup as "forwarders".
0
 

Author Comment

by:dehmerl
ID: 22608862
Sorry - I may have been a little misleading...
I do not have a DNS server on the LAN side of the 851, it is for a single person remote office. I need the LAN clients on the 851W to have access to the DNS server back in the Corporate office, when I was reading about split DNS it sounded like I could setup something that said for mydomain.com look at corporate DNS  otherwise use ISP DNS servers. I have to admit I have never done that and I am still not sure how after reading about it.
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22609128
You don't need split DNS. Just setup the user behind the 851W to use the IP of the local DNS server at the main office as it's DNS server. This will then work and allow the user to access internal resources by DNS name and internet sites as well (assuming that split tunneling is setup or you have a proxy server).
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22609136
When I say split tunneling I mean on the 851W. This allows internet access AND secure access to the corporate LAN. Still use the corporate DNS server for everything though.
0
 

Author Closing Comment

by:dehmerl
ID: 31501691
Ok, I will go with that!

I now have the clients accessing DNS only via the VPN and it seems to be working just fine.

Guess I was just looking to over complicate things!

Thanks!
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22609799
No prob! :-)
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ACL Logging Optimization 7 41
Cisco ASA version 8.2 NAT to version 9 NAT 3 34
Problem to router 7 53
Simultaneous work of Wi-Fi and LAN on Win10 laptop 4 23
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question