asked on

Cisco ASA Anyconnect DNS issue

After connecting to network via VPN, I am able to access to resources by DNS name, but some resources I can access only with IP address not DNS name. Any idea ?

Thanks!

Early Learning Coalition

What resources?

Golchehr

ASKER

Servers, Map Drives,...

Early Learning Coalition

It's because of saved credentials or DNS

Try to do a nslookup witht he hostname

See if DNS responds correctly

Golchehr

ASKER

I het result by IP address not DNS name

C:\WINDOWS\system32>ping yy
Ping request could not find host yy. Please check the name and try again.

C:\WINDOWS\system32>nslookup 10.10.50.250
Server: yyyy
Address: 10.10.50.10

Name: yy
Address: 10.10.50.250

Early Learning Coalition

On the cisco asa under group-policy what values do you have under split-dns? it should be the domain name not IP address

Golchehr

ASKER

It is domain name. I am able to connect to some map drives and server by DNS name. Only some of them working with IP address.

Early Learning Coalition

the ones that only working with IP, had you mapped them before with UNC ?

Golchehr

ASKER

Yes, And I also try to access it via \\..... and it doesn't work. I can ping with IP address but not DNS name.

Early Learning Coalition

Enable split-exclude tunneling for an IP address, which allows the local DNS requests to flow through the physical adapter

Joseph Hornsey

Can you post a scrubbed config?

Also, under your policy-map, you'll see "inspect dns preset_dns_map". Issue a 'no inspect dns preset_dns_map' command there and then issue an 'inspect dns' command.

Golchehr

ASKER

I fixed the issue. Since we have to domains. I added the second domain in split-dns command.

This question needs an answer!

Become an EE member today

7 DAY FREE TRIAL

Members can start a 7-Day Free trial then enjoy unlimited access to the platform.

View membership options

Learn why we charge membership fees

We get it - no one likes a content blocker. Take one extra minute and find out why we block content.