Solved

ASA & Router VPN (DNS Issues)

Posted on 2008-09-30
Last Modified: 2012-05-05
Hello All,

Back again...

OK, I have an L2L VPN going between an ASA5505 and a Cisco 851W router. I am having problems with the DNS (split DNS?). Note: the 851 is the DHCP server.

When going to the internet, I would like the clients to use the ISP DNS servers; when accessing domain names that exist over the VPN, I will need the clients to use the DNS behind the ASA.

Any help? Thanks!!
Question by:dehmerl

Expert Comment

by:Pugglewuggle
ID: 22608799
You need an internal DNS server for everything. Just set up your internal DNS server to "forward" requests to the internet. The ISP's DNS servers, when configured in your DNS server, should be set up as "forwarders".

Author Comment

by:dehmerl
ID: 22608862
Sorry - I may have been a little misleading...
I do not have a DNS server on the LAN side of the 851; it is for a single-person remote office. I need the LAN clients on the 851W to have access to the DNS server back in the corporate office. When I was reading about split DNS, it sounded like I could set up something that said: for mydomain.com look at corporate DNS, otherwise use ISP DNS servers. I have to admit I have never done that, and I am still not sure how after reading about it.

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22609128
You don't need split DNS. Just set up the user behind the 851W to use the IP of the local DNS server at the main office as its DNS server. This will then work and allow the user to access internal resources by DNS name and internet sites as well (assuming that split tunneling is set up or you have a proxy server).
Expert Comment

by:Pugglewuggle
ID: 22609136
When I say split tunneling I mean on the 851W. This allows internet access AND secure access to the corporate LAN. Still use the corporate DNS server for everything though.

Author Closing Comment

by:dehmerl
ID: 31501691
Ok, I will go with that!

I now have the clients accessing DNS only via the VPN and it seems to be working just fine.

Guess I was just looking to overcomplicate things!

Thanks!

Expert Comment

by:Pugglewuggle
ID: 22609799
No prob! :-)
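
The accepted solution above, sketched as an IOS configuration fragment for the 851W. This is an added example, not part of the original thread or any participant's configuration. All IP addresses, the pool name REMOTE-LAN and the ACL name VPN-TRAFFIC are constructed placeholders; mydomain.com is the name used in the question.

```cisco
! Constructed placeholder addressing (not from the thread):
!   192.168.10.0/24  remote-office LAN behind the 851W
!   192.168.10.1     851W LAN interface
!   10.1.1.0/24      corporate LAN behind the ASA
!   10.1.1.10        corporate DNS server
!
ip dhcp excluded-address 192.168.10.1
!
ip dhcp pool REMOTE-LAN
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 ! Hand out the corporate resolver only. It answers mydomain.com itself
 ! and forwards Internet names, so no ISP resolver is listed here.
 dns-server 10.1.1.10
 domain-name mydomain.com
!
! The ACL referenced by the existing L2L crypto map has to match
! remote LAN -> corporate LAN, so queries to 10.1.1.10 enter the tunnel
! instead of leaving unencrypted through the ISP link.
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
!
! Checks after a client renews its lease:
!   show ip dhcp binding      (client has a lease from REMOTE-LAN)
!   show crypto ipsec sa      (encaps/decaps counters rise on a lookup)
```

Clients pick up the new resolver at their next DHCP lease renewal. With this setup, a tunnel outage also stops resolution of Internet names, because the only resolver is reached over the VPN.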