Solved

Cisco VPN w/Vista and Split DNS

Posted on 2009-05-06
2
1,996 Views
Last Modified: 2012-05-06
I have a Cisco ASA running with 8.x code. I have a user using a wireless CDMA card with Vista that VPNs in the network with the Cisco IPSec VPN client. I also have split tunneling enabled. When the users connects, they are assigned a DNS server that is the company's internal server. However, when I perform an NSLookup, I am somehow using the external DNS server.

access-list XYZ_VPN_splitTunnelAcl permit ip object-group Internal_Net any
vpngroup XYZ_VPN dns-server 172.16.xxx.11 172.16.xxx.10
vpngroup XYZ_VPN wins-server 172.16.xxx.10 172.16.xxx.11
vpngroup XYZ_VPN default-domain xyz.com
vpngroup XYZ_VPN split-tunnel XYZ_VPN_splitTunnelAcl
vpngroup XYZ_VPN split-dns xyz.com

From the Vista PC (IPConfig)
 Connection-specific DNS Suffix  . : xyz.com
  DNS Servers . . . . . . . . . . . : 172.16.xxx.11
                                                172.16.xxx.10

C:\>nslookup
Default Server:  ns1.kscymar06.spcsdns.net
Address:  68.28.82.91
 
www.google.com
Server:  www.google.com.xyz.com
Address:  205.178.152.103
 
Non-authoritative answer:
Name:    nslookup.xyz.com
Address:  205.178.152.103
 
So there is the DNS query going to DNS server bypassing their VPN.  Next I changed the default DNS server to their DNS server.
 
> server 172.16.xxx.11
Default Server:  [172.16.xxx.11]
Address:  172.16.xxx.11
 
Now DNS queries hit their DNS server.  Here are the responses I received.
 
> nslookup www.google.com
Server:  www.l.google.com
Addresses:  74.125.127.147
          74.125.127.99
          74.125.127.104
          74.125.127.103
Aliases:  www.google.com

Is this a Vista issue, a split tunneling issue, VPN Client issue, or something else?
0
Comment
Question by:Swami_Newport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 24332334
>vpngroup XYZ_VPN split-dns xyz.com
You are doing split-dns, so the only time the client uses the 172.16.xx.11 dns server is to resolve host.xyz.com
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question