ASA & Router VPN (DNS Issues)

Hello All,

Back again&

Ok I have a L2L vpn going between an ASA5505 and a Cisco 851W router. I am having problems with the DNS (split DNS?).  Note: the 851 is the DHCP server.

When going to the internet I would like the clients to use the ISP DNS servers, when access domain names that exist over the VPN I will need the client to use the DNS behind the ASA.

Any help? Thanks!!
dehmerlAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
PugglewuggleConnect With a Mentor Commented:
You don't need split DNS. Just setup the user behind the 851W to use the IP of the local DNS server at the main office as it's DNS server. This will then work and allow the user to access internal resources by DNS name and internet sites as well (assuming that split tunneling is setup or you have a proxy server).
0
 
PugglewuggleCommented:
You need an Internal DNS server for everything. Just setup your internal DNS server to "forward" requests to the internet. The ISP's DNS servers when configured in your DNS server should be setup as "forwarders".
0
 
dehmerlAuthor Commented:
Sorry - I may have been a little misleading...
I do not have a DNS server on the LAN side of the 851, it is for a single person remote office. I need the LAN clients on the 851W to have access to the DNS server back in the Corporate office, when I was reading about split DNS it sounded like I could setup something that said for mydomain.com look at corporate DNS  otherwise use ISP DNS servers. I have to admit I have never done that and I am still not sure how after reading about it.
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
PugglewuggleCommented:
When I say split tunneling I mean on the 851W. This allows internet access AND secure access to the corporate LAN. Still use the corporate DNS server for everything though.
0
 
dehmerlAuthor Commented:
Ok, I will go with that!

I now have the clients accessing DNS only via the VPN and it seems to be working just fine.

Guess I was just looking to over complicate things!

Thanks!
0
 
PugglewuggleCommented:
No prob! :-)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.