Cisco VPN client issue

Hi All,

    Ex : -->>211.1.100  --> Intranet server IP address  --> Natted IP address of Intranet server.

If we access from Corporate network it resolve as and over the internet it would be as

 Issue is when we connect through VPN it must resolve as but it resolved in the public IP, even though it was allowed to access over VPN.

 Real issue comes here if this particular IP access over the internet it will not allowed to access other links as per our Corporate policy.

In Vista alone we have this porblem, we able to connect the Cisco VPN client without any issues. After connecting into the VPN we are not able to resolve intranet sites, even though IPs are allowed to access over the VPN.

Note : By adding host entry it works without any issues. Its possible to make host entry for more than 120+ servers.

Details : Cisco ASA 5510 , 7.2 IOS version, VPN client 5.0x

Kindly share your experience to resolve this issue.


Who is Participating?
Istvan KalmarConnect With a Mentor Head of IT Security Division Commented:

Only default group policy give back dns:
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server value

Others not:
group-policy sage internal
group-policy sage attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value sage

ok this is a DNS issue on your VPN policy map.

can you send us configs for the CISCO 5510 please .

Please do not include any Public IP address.

Istvan KalmarConnect With a Mentor Head of IT Security Division Commented:
Please configure internal DNS server address to vpn client....
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

kumarnirmalAuthor Commented:

Here with attached the config file


If it is DNS issue on your VPN policy map, how it works flawlessly for years on 2000 and XP machines , only Vista we face these problem.


VPN clients receiving IP and DNS address through DHCP server . Are you meant to say this ??


Istvan KalmarHead of IT Security Division Commented:
and this line is need:

access-list inside_nat0_outbound extended permit ip any
Istvan KalmarHead of IT Security Division Commented:
And there is a lot of group policy where you definied split tunnel acl, but I'm not seing on config...
This is a known issue with 7.0.x versions of ASA code.  Upgrade to 8.2 and it'll fix the problem.  --TX
kumarnirmalAuthor Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.