Solved

Cisco VPN w/Vista and Split DNS

Posted on 2009-05-06
Last Modified: 2012-05-06
I have a Cisco ASA running with 8.x code. I have a user using a wireless CDMA card with Vista that VPNs into the network with the Cisco IPSec VPN client. I also have split tunneling enabled. When the user connects, they are assigned a DNS server that is the company's internal server. However, when I perform an NSLookup, I am somehow using the external DNS server.

access-list XYZ_VPN_splitTunnelAcl permit ip object-group Internal_Net any
vpngroup XYZ_VPN dns-server 172.16.xxx.11 172.16.xxx.10
vpngroup XYZ_VPN wins-server 172.16.xxx.10 172.16.xxx.11
vpngroup XYZ_VPN default-domain xyz.com
vpngroup XYZ_VPN split-tunnel XYZ_VPN_splitTunnelAcl
vpngroup XYZ_VPN split-dns xyz.com

From the Vista PC (IPConfig)
 Connection-specific DNS Suffix  . : xyz.com
  DNS Servers . . . . . . . . . . . : 172.16.xxx.11
                                                172.16.xxx.10

C:\>nslookup
Default Server:  ns1.kscymar06.spcsdns.net
Address:  68.28.82.91
 
www.google.com
Server:  www.google.com.xyz.com
Address:  205.178.152.103
 
Non-authoritative answer:
Name:    nslookup.xyz.com
Address:  205.178.152.103
 
So there is the DNS query going to a DNS server, bypassing their VPN. Next I changed the default DNS server to their DNS server.
 
> server 172.16.xxx.11
Default Server:  [172.16.xxx.11]
Address:  172.16.xxx.11
 
Now DNS queries hit their DNS server.  Here are the responses I received.
 
> nslookup www.google.com
Server:  www.l.google.com
Addresses:  74.125.127.147
          74.125.127.99
          74.125.127.104
          74.125.127.103
Aliases:  www.google.com

Is this a Vista issue, a split tunneling issue, VPN Client issue, or something else?
Question by:Swami_Newport
Accepted Solution

by:
lrmoore earned 250 total points
ID: 24332334
>vpngroup XYZ_VPN split-dns xyz.com
You are doing split-dns, so the only time the client uses the 172.16.xx.11 dns server is to resolve host.xyz.com
Question has a verified solution.
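
The split-DNS behaviour described in the accepted answer, as an added example that is not part of the original thread: it audits observed DNS queries against the policy "names under xyz.com go to the tunnel DNS servers, everything else goes to the adapter's DNS server". The domain and server values are taken from the question (the 172.16.xxx addresses are masked there and used as plain strings); the function names and the observation list are constructed for illustration.

```python
# Added example, not from the original thread. Values mirror the question:
# split-dns domain xyz.com, tunnel DNS 172.16.xxx.11/.10 (masked on the page),
# adapter (ISP) DNS 68.28.82.91. The observation list is constructed.

SPLIT_DNS = ["xyz.com"]
TUNNEL_DNS = {"172.16.xxx.11", "172.16.xxx.10"}

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are uniform."""
    return name.strip().lower().rstrip(".")

def in_split_dns(qname, domains=SPLIT_DNS):
    """True if qname is a split-DNS domain or a subdomain of one.
    Matches on label boundaries: 'notxyz.com' is not under 'xyz.com'."""
    q = normalize(qname)
    return any(q == d or q.endswith("." + d) for d in map(normalize, domains))

def expected_path(qname):
    """Where the split-DNS policy should send the query."""
    return "tunnel" if in_split_dns(qname) else "adapter"

def audit(observations):
    """Compare observed (qname, server) pairs with the policy.
    Returns a list of (qname, server, expected, finding)."""
    report = []
    for qname, server in observations:
        actual = "tunnel" if server in TUNNEL_DNS else "adapter"
        expected = expected_path(qname)
        if actual == expected:
            finding = "ok"
        elif expected == "tunnel":
            finding = "internal name sent outside the tunnel"
        else:
            finding = "external name sent to internal DNS"
        report.append((qname, server, expected, finding))
    return report

# Constructed observations (as they might be read from a packet capture).
SAMPLE = [
    ("www.google.com", "68.28.82.91"),
    ("host.xyz.com", "172.16.xxx.11"),
    ("HOST.XYZ.COM.", "68.28.82.91"),
    ("notxyz.com", "68.28.82.91"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Under this policy, www.google.com answered by the ISP server is the expected result; only an xyz.com name answered outside the tunnel would be a finding.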
