• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4567
  • Last Modified:

How to resolve DNS resolution on Cisco VPN Client 5.0.07 on Windows 7 64-bit

Hi,

I have installed the Cisco VPN Client 5.0.07.0440 on several Windows 7 Pro 64-bit, the vpn client can connect to the Cisco ASA 5510 but the DNS resolution for internal IP does NOT work.

Any idea on how to resolve this issue?

Many thanks.
Czar
0
czarbapora
Asked:
czarbapora
  • 4
  • 3
1 Solution
 
Ernie BeekExpertCommented:
What if you use the fqdn (if you haven't try that allready)?
0
 
czarbaporaAuthor Commented:
I have tried editing the host file and entered the fqdn of the internal server... it does work. but this is not the solution, vpn tunneling should split the connections (internet and lan). and should be able to resolve dns queries.

Thanks.
0
 
Ernie BeekExpertCommented:
My guess is that the client machine doesn't automatically add the DNS suffix for your internal domain. That's why the fqdn works and using only the hostname doesn't. Am I right in that assumption?
If so, you should look at the DNS suffixes in the TCP/IP properties.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
czarbaporaAuthor Commented:
The DNS suffix for internal domain is added automatically once vpn is stablished, but both hostname and fqdn does not work... what i mean in my previous comment is that fqdn works only if I enter the 10.1.1.xxx hostname.domain.local in the host file of the local computer.
0
 
Ernie BeekExpertCommented:
I assume your internal DNS server is also added? And you can ping that ip when the VPN is established?
0
 
Syed_M_UsmanSystem AdministratorCommented:
may i know who is assigning IP to rmote vpn clients? check what gateway you are getting on DHCP clients.

0
 
czarbaporaAuthor Commented:
I found this, the release note for Cisco VPN client 5.0.07

DNS Server on Private Network with Split DNS Causes Problems

When an ISP DNS server is included in the Split Tunneling Network List and Split DNS Names are configured, all DNS queries to domains other than those in the Split DNS Names list are not resolved.
 
By definition, split DNS is used so that only certain domains get resolved by corporate DNS servers, while rest go to public (ISP-assigned) DNS servers. To enforce this feature, the VPN Client directs DNS queries that are about hosts on the Split DNS Names list to corporate DNS servers, and discards all DNS queries that are not part of the Split DNS Names list.
 
The problem is when the ISP-assigned DNS servers are in the range of the Split Tunneling Network List. In that case, all DNS queries for non-split-DNS domains are discarded by the VPN Client.
 
To avoid this problem, remove the ISP-assigned DNS server from the range of the Split Tunneling Network List, or do not configure split DNS (CSCee66180).

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537Network

0
 
czarbaporaAuthor Commented:
Thanks all for you comments!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now