• Status: Solved
  • Priority: Medium
  • Security: Public

Cisco VPN client issue

Hi All,

    Ex :   abcdcorp.com -->10.1.1.100-->211.1.100

     10.1.1.100  --> Intranet server IP address
     211.1.1.100  --> Natted IP address of Intranet server.

If we access from the corporate network it resolves as 10.1.1.100, and over the internet it would be 211.1.1.10.

 The issue is that when we connect through VPN it must resolve as 10.1.1.100, but it resolved to the public IP 211.1.1.100, even though it was allowed to access over VPN.

 The real issue comes here: if this particular IP is accessed over the internet, it will not be allowed to access other links, as per our corporate policy.

We have this problem in Vista alone. We are able to connect the Cisco VPN client without any issues. After connecting to the VPN we are not able to resolve intranet sites, even though the IPs are allowed to access over the VPN.

Note: By adding a host entry it works without any issues. It's possible to make host entry for more than 120+ servers.

Details : Cisco ASA 5510 , 7.2 IOS version, VPN client 5.0x

Kindly share your experience to resolve this issue.

Regards
Nazir


greekstones Commented:
Hello

OK, this is a DNS issue on your VPN policy map.

Can you send us the configs for the Cisco 5510, please?

Please do not include any Public IP address.


regards.
 
Istvan Kalmar Commented:
Please configure the internal DNS server address for the VPN client...
 
kumarnirmal (Author) Commented:
Hi,

Herewith attached is the config file.

@greekstones

If it is a DNS issue on your VPN policy map, how has it worked flawlessly for years on 2000 and XP machines? Only on Vista do we face this problem.

@ikalmar

VPN clients receive IP and DNS addresses through the DHCP server. Is this what you meant to say?

Regards
Nazir

 
Istvan Kalmar Commented:
Hi,

Only the default group policy gives back DNS:
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server value 10.8.16.3 10.20.6.3

Others not:
group-policy sage internal
group-policy sage attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value sage
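An added example, not part of the original thread or any poster's code: a small Python audit that reads `group-policy ... attributes` blocks from an ASA configuration and reports where each policy's `dns-server` setting comes from. It relies on the ASA behaviour that attributes not set in a group policy are inherited from DfltGrpPolicy; the `demo-nodns` policy and the function names are constructed for illustration.

```python
import re

# Constructed sample: DfltGrpPolicy and sage use lines quoted in the comment
# above; "demo-nodns" is a made-up policy added for illustration.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 dns-server value 10.8.16.3 10.20.6.3
group-policy sage internal
group-policy sage attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value sage
group-policy demo-nodns internal
group-policy demo-nodns attributes
 dns-server none
 split-tunnel-policy tunnelspecified
"""

HEADER = re.compile(r"^group-policy (\S+) attributes\s*$")

def parse_group_policies(config):
    """Return {policy name: {attribute keyword: rest of line}}."""
    policies, current = {}, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = policies.setdefault(m.group(1), {})
        elif line.startswith(" ") and current is not None:
            key, _, rest = line.strip().partition(" ")
            current[key] = rest
        else:
            current = None  # any other top-level line ends the block
    return policies

def dns_report(config, default="DfltGrpPolicy"):
    """Map each policy to (source, [dns servers]) after inheritance."""
    policies = parse_group_policies(config)
    report = {}
    for name, attrs in policies.items():
        source, setting = "explicit", attrs.get("dns-server")
        if setting is None and name != default:
            # Assumption: unset attributes fall back to the default policy.
            source = "inherited"
            setting = policies.get(default, {}).get("dns-server")
        servers = setting.split()[1:] if setting and setting.startswith("value") else []
        report[name] = (source if servers else "none", servers)
    return report

if __name__ == "__main__":
    for name, (source, servers) in dns_report(SAMPLE_CONFIG).items():
        print(f"{name:15} dns={source:9} {' '.join(servers)}")
```

A policy reported as `none` hands the client no internal resolver, which is the condition to check before looking at client-side differences.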
 
Istvan Kalmar Commented:
And this line is needed:

access-list inside_nat0_outbound extended permit ip any 10.21.71.0 255.255.255.0
 
Istvan Kalmar Commented:
And there are a lot of group policies where you defined a split tunnel ACL, but I'm not seeing it in the config...
 
Texas_Billy Commented:
This is a known issue with 7.0.x versions of ASA code.  Upgrade to 8.2 and it'll fix the problem.  --TX
 
kumarnirmal (Author) Commented:
ok