mudfrog
asked on
Cisco ASA 5510 AnyConnect DNS issues.
Please bear with me. I've not had much hands-on with ASA configuration etc...
I'm looking at setting up some users with an AnyConnect VPN connection and to then connect to our internally hosted Terminal Server farm.
The AnyConnect connection looks to be set up; however, when I establish a connection I cannot connect to any resources when using the DNS name. I can use the IP address OK and it resolves it fine.
I've seen a setting in the ASDM Connection Profiles VPN profile and within it, under the DNS section, it's set to the Default DNS and the internal DNS servers are listed. However, when I click on Manage under the DNS Lookup section, DNS Enabled is disabled on the outside interface.
I'm thinking that this is the issue. Would this be the case? What reason would it be disabled for?
Any help/advice would be great. Step by step via ASDM preferred.
Thanks,
Rich
Can you post a sanitised config?
ASKER
Because I found part of the problem myself.
Split Tunneling allows the user to connect to your network and access resources, via IP, but also splits out the HTTP traffic from your browser to use your LOCAL internet connection. When this is set up, the VPN group is required to use IP addresses for access to network (VPN) resources - servers, printers, shares etc.
If you did not have split tunneling configured, all internet traffic from the VPN-connected machine would route through your office's ISP connection, which could cause delays with accessing sites etc., depending on your office's speeds.