Solved

Cisco VPN w/Vista and Split DNS

Posted on 2009-05-06
2
1,994 Views
Last Modified: 2012-05-06
I have a Cisco ASA running with 8.x code. I have a user using a wireless CDMA card with Vista that VPNs in the network with the Cisco IPSec VPN client. I also have split tunneling enabled. When the users connects, they are assigned a DNS server that is the company's internal server. However, when I perform an NSLookup, I am somehow using the external DNS server.

access-list XYZ_VPN_splitTunnelAcl permit ip object-group Internal_Net any
vpngroup XYZ_VPN dns-server 172.16.xxx.11 172.16.xxx.10
vpngroup XYZ_VPN wins-server 172.16.xxx.10 172.16.xxx.11
vpngroup XYZ_VPN default-domain xyz.com
vpngroup XYZ_VPN split-tunnel XYZ_VPN_splitTunnelAcl
vpngroup XYZ_VPN split-dns xyz.com

From the Vista PC (IPConfig)
 Connection-specific DNS Suffix  . : xyz.com
  DNS Servers . . . . . . . . . . . : 172.16.xxx.11
                                                172.16.xxx.10

C:\>nslookup
Default Server:  ns1.kscymar06.spcsdns.net
Address:  68.28.82.91
 
www.google.com
Server:  www.google.com.xyz.com
Address:  205.178.152.103
 
Non-authoritative answer:
Name:    nslookup.xyz.com
Address:  205.178.152.103
 
So there is the DNS query going to DNS server bypassing their VPN.  Next I changed the default DNS server to their DNS server.
 
> server 172.16.xxx.11
Default Server:  [172.16.xxx.11]
Address:  172.16.xxx.11
 
Now DNS queries hit their DNS server.  Here are the responses I received.
 
> nslookup www.google.com
Server:  www.l.google.com
Addresses:  74.125.127.147
          74.125.127.99
          74.125.127.104
          74.125.127.103
Aliases:  www.google.com

Is this a Vista issue, a split tunneling issue, VPN Client issue, or something else?
0
Comment
Question by:Swami_Newport
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 24332334
>vpngroup XYZ_VPN split-dns xyz.com
You are doing split-dns, so the only time the client uses the 172.16.xx.11 dns server is to resolve host.xyz.com
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question