Cisco Anyconnect DNS issue on non-domain computers

I've set up a SSLVPN-solution for one of our offices (ASA 5505), and it works fine for computers joined in the company-domain. But when logged in with a non-domain computer the DNS-suffix does not update, and they have to access company-servers by IP-address.
Any ideas?
tgeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AngloCommented:
Not sure if the ssl is the same but using standard cisco vpn I get the same issue if the users (vista & 7) network interfaces have IP v6 enabled.  Try disabling V6 on all interfaces and try again.
tgeAuthor Commented:
Tried disabling IPv6 on all interfaces, nu luck.
Difference between domain computer and non computer is:
Domain: DNS Suffix Search list: Child domain
                                                    Parent Domain

Non-Domain: DNS Suffix Search list: Child domain.

This seems to be managed the Cisco VPN Client because I can’t seem to affect it using the normal network control settings in Windows.
In order for things to work properly, I think the parent domains also need to go into the  DNS Suffix Search List when a VPN connection is made. Perhaps there is some Cisco VPN setting that controls this?
AngloCommented:
Yes you should be able to configure the VPN server to add DNS pointers.  I think you will need the split-dns feature.  See if this gives you any pointers. http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ezvpn505.html
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

asavenerCommented:
I'm encountering the same issue.

DNS suffix search list gets modified when users connect using the Cisco IPSec VPN client.  

DNS suffix search list does not get modified when users connect using the Anyconnect client.

DNS lookup using the full-qualified domain name works, so long as the correct domain is entered in the DNS section of the SSL VPN connection profile.

We're using the same group policy for both the IPSec client connection profile and the SSL VPN connection profile.
asavenerCommented:
OK, I found that the Anyconnect client does not support split DNS.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpngrp.html#wp1135689

It supports DNS tunneling, which is why the FQDN lookups will work.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.