[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2002
  • Last Modified:

Cisco VPN w/Vista and Split DNS

I have a Cisco ASA running with 8.x code. I have a user using a wireless CDMA card with Vista that VPNs in the network with the Cisco IPSec VPN client. I also have split tunneling enabled. When the users connects, they are assigned a DNS server that is the company's internal server. However, when I perform an NSLookup, I am somehow using the external DNS server.

access-list XYZ_VPN_splitTunnelAcl permit ip object-group Internal_Net any
vpngroup XYZ_VPN dns-server 172.16.xxx.11 172.16.xxx.10
vpngroup XYZ_VPN wins-server 172.16.xxx.10 172.16.xxx.11
vpngroup XYZ_VPN default-domain xyz.com
vpngroup XYZ_VPN split-tunnel XYZ_VPN_splitTunnelAcl
vpngroup XYZ_VPN split-dns xyz.com

From the Vista PC (IPConfig)
 Connection-specific DNS Suffix  . : xyz.com
  DNS Servers . . . . . . . . . . . : 172.16.xxx.11
                                                172.16.xxx.10

C:\>nslookup
Default Server:  ns1.kscymar06.spcsdns.net
Address:  68.28.82.91
 
www.google.com
Server:  www.google.com.xyz.com
Address:  205.178.152.103
 
Non-authoritative answer:
Name:    nslookup.xyz.com
Address:  205.178.152.103
 
So there is the DNS query going to DNS server bypassing their VPN.  Next I changed the default DNS server to their DNS server.
 
> server 172.16.xxx.11
Default Server:  [172.16.xxx.11]
Address:  172.16.xxx.11
 
Now DNS queries hit their DNS server.  Here are the responses I received.
 
> nslookup www.google.com
Server:  www.l.google.com
Addresses:  74.125.127.147
          74.125.127.99
          74.125.127.104
          74.125.127.103
Aliases:  www.google.com

Is this a Vista issue, a split tunneling issue, VPN Client issue, or something else?
0
Swami_Newport
Asked:
Swami_Newport
1 Solution
 
lrmooreCommented:
>vpngroup XYZ_VPN split-dns xyz.com
You are doing split-dns, so the only time the client uses the 172.16.xx.11 dns server is to resolve host.xyz.com
0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now