[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

ASA & Router VPN (DNS Issues)

Posted on 2008-09-30
6
Medium Priority
?
392 Views
Last Modified: 2012-05-05
Hello All,

Back again&

Ok I have a L2L vpn going between an ASA5505 and a Cisco 851W router. I am having problems with the DNS (split DNS?).  Note: the 851 is the DHCP server.

When going to the internet I would like the clients to use the ISP DNS servers, when access domain names that exist over the VPN I will need the client to use the DNS behind the ASA.

Any help? Thanks!!
0
Comment
Question by:dehmerl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22608799
You need an Internal DNS server for everything. Just setup your internal DNS server to "forward" requests to the internet. The ISP's DNS servers when configured in your DNS server should be setup as "forwarders".
0
 

Author Comment

by:dehmerl
ID: 22608862
Sorry - I may have been a little misleading...
I do not have a DNS server on the LAN side of the 851, it is for a single person remote office. I need the LAN clients on the 851W to have access to the DNS server back in the Corporate office, when I was reading about split DNS it sounded like I could setup something that said for mydomain.com look at corporate DNS  otherwise use ISP DNS servers. I have to admit I have never done that and I am still not sure how after reading about it.
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 2000 total points
ID: 22609128
You don't need split DNS. Just setup the user behind the 851W to use the IP of the local DNS server at the main office as it's DNS server. This will then work and allow the user to access internal resources by DNS name and internet sites as well (assuming that split tunneling is setup or you have a proxy server).
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22609136
When I say split tunneling I mean on the 851W. This allows internet access AND secure access to the corporate LAN. Still use the corporate DNS server for everything though.
0
 

Author Closing Comment

by:dehmerl
ID: 31501691
Ok, I will go with that!

I now have the clients accessing DNS only via the VPN and it seems to be working just fine.

Guess I was just looking to over complicate things!

Thanks!
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22609799
No prob! :-)
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question