  • Status: Solved

How to resolve DNS resolution on Cisco VPN Client 5.0.07 on Windows 7 64-bit

Hi,

I have installed the Cisco VPN Client 5.0.07.0440 on several Windows 7 Pro 64-bit machines. The VPN client can connect to the Cisco ASA 5510, but the DNS resolution for internal IP does NOT work.

Any idea on how to resolve this issue?

Many thanks.
Czar
0
Asked:
czarbapora
1 Solution
 
Ernie Beek Commented:
What if you use the FQDN (if you haven't tried that already)?
0
 
czarbapora (Author) Commented:
I have tried editing the host file and entered the FQDN of the internal server... it does work. But this is not the solution; VPN tunneling should split the connections (internet and LAN) and should be able to resolve DNS queries.

Thanks.
0
 
Ernie Beek Commented:
My guess is that the client machine doesn't automatically add the DNS suffix for your internal domain. That's why the fqdn works and using only the hostname doesn't. Am I right in that assumption?
If so, you should look at the DNS suffixes in the TCP/IP properties.
0
 
czarbapora (Author) Commented:
The DNS suffix for the internal domain is added automatically once the VPN is established, but both hostname and FQDN do not work... What I mean in my previous comment is that the FQDN works only if I enter the 10.1.1.xxx hostname.domain.local in the host file of the local computer.
0
 
Ernie Beek Commented:
I assume your internal DNS server is also added? And you can ping that IP when the VPN is established?
0
 
Syed_M_Usman Commented:
May I know who is assigning IP to remote VPN clients? Check what gateway you are getting on DHCP clients.

0
 
czarbapora (Author) Commented:
I found this, the release note for Cisco VPN client 5.0.07

DNS Server on Private Network with Split DNS Causes Problems

When an ISP DNS server is included in the Split Tunneling Network List and Split DNS Names are configured, all DNS queries to domains other than those in the Split DNS Names list are not resolved.
 
By definition, split DNS is used so that only certain domains get resolved by corporate DNS servers, while rest go to public (ISP-assigned) DNS servers. To enforce this feature, the VPN Client directs DNS queries that are about hosts on the Split DNS Names list to corporate DNS servers, and discards all DNS queries that are not part of the Split DNS Names list.
 
The problem is when the ISP-assigned DNS servers are in the range of the Split Tunneling Network List. In that case, all DNS queries for non-split-DNS domains are discarded by the VPN Client.
 
To avoid this problem, remove the ISP-assigned DNS server from the range of the Split Tunneling Network List, or do not configure split DNS (CSCee66180).

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537Network

0
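The release-note behaviour quoted in the comment above can be checked against a planned configuration before it is rolled out. This is an added example, not part of the thread and not Cisco code: it is a simplified model of the described rule, and the networks, DNS server addresses and function names are constructed for illustration.

```python
import ipaddress

def in_split_tunnel(ip, tunnel_networks):
    """True if ip falls inside any entry of the Split Tunneling Network List."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in tunnel_networks)

def matches_split_dns(qname, split_dns_names):
    """True if qname equals, or is a subdomain of, a Split DNS Names entry."""
    q = qname.rstrip(".").lower()
    return any(q == d.lower() or q.endswith("." + d.lower())
               for d in split_dns_names)

def query_fate(qname, isp_dns, split_dns_names, tunnel_networks):
    """Model what happens to one DNS query, per the release note."""
    if not split_dns_names:
        return "no-split-dns"      # split DNS not configured: no name filtering
    if matches_split_dns(qname, split_dns_names):
        return "corporate-dns"     # directed to the corporate DNS servers
    if in_split_tunnel(isp_dns, tunnel_networks):
        return "discarded"         # the CSCee66180 condition
    return "isp-dns"               # resolved by the ISP-assigned server

def audit(isp_dns_servers, split_dns_names, tunnel_networks):
    """Return the ISP DNS servers that overlap the split-tunnel list."""
    if not split_dns_names:
        return []
    return [s for s in isp_dns_servers if in_split_tunnel(s, tunnel_networks)]

# Constructed sample: an overly broad tunnel list that also covers a
# home router (192.168.1.1) acting as the ISP-assigned DNS server.
TUNNEL_NETS = ["10.1.1.0/24", "192.168.0.0/16"]
SPLIT_DNS = ["domain.local"]
ISP_DNS = ["192.168.1.1", "198.51.100.53"]

if __name__ == "__main__":
    for server in ISP_DNS:
        for name in ("hostname.domain.local", "www.example.com"):
            fate = query_fate(name, server, SPLIT_DNS, TUNNEL_NETS)
            print(f"{name:24} via {server:15} -> {fate}")
    print("overlapping ISP DNS servers:", audit(ISP_DNS, SPLIT_DNS, TUNNEL_NETS))
```

Any server returned by `audit` has to be taken out of the split-tunnel range, or split DNS left unconfigured, as the release note states.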
 
czarbapora (Author) Commented:
Thanks all for your comments!
0
