Solved

Cisco VPN Client using wrong DNS server

Posted on 2010-11-16
5
1,251 Views
Last Modified: 2012-05-10
Hi All,

I am having a strange issue with a number of our Cisco VPN clients.  The VPN clients connect into a Cisco ASA 5510 which is setup to send all traffic for clients via the company network. I.E no split tunnelling!

This works fine for 90% of the clients but strangely the othe 10% are using their local DNS (rather than the company DNS servers) when connected.  Consequently they cannot connect to any company servers etc by name - i.e intranet and mapped drives don't work.

We have tried a number of versions of the VPN client including the latest and are not closer to a solution - does anyone know how to resolve this?!

Many thanks

Rob
0
Comment
Question by:robclarke41
  • 2
  • 2
5 Comments
 
LVL 7

Expert Comment

by:Anglo
ID: 34145019
WHat OS are they using?  We have had DNS issues with Vista & 7 and have to disable IPv6 on the network interfaces.
0
 
LVL 1

Author Comment

by:robclarke41
ID: 34145029
We are using XP so are not having any IPv6 problems
0
 
LVL 11

Accepted Solution

by:
diprajbasu earned 500 total points
ID: 34145113
There is a known and old problem within Windows, where it will by default query "local" DNS servers before it queries DNS servers that are on "WAN" (which is what VPN connections appear to be) links.

Refer to : http://support.microsoft.com/?id=311218

You can try using the script here:

http://blogs.technet.com/brucecowper/archive/2005/03/28/403043.aspx

that will change the binding order.  This will cause the DNS queries to go to the DNS servers provide the the DHCP server of for the VPN.  Please note that any unqiue host names resolved by the "local" DNS (192.168.1.5) will NO longer get resolved properly unless they are also defined on 10.21.0.100.


docs from EE
0
 
LVL 11

Expert Comment

by:diprajbasu
ID: 34145127
0
 
LVL 1

Author Closing Comment

by:robclarke41
ID: 34145700
That was it thanks!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco RSTP portfast 3 49
Cisco IP NAT Translation not working 9 26
Routing 2 local networks together 8 69
Which is more secure: EAP or machine certificate for IKEv2 VPN? 1 32
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now