Joe
asked on
After installing Cisco Anyconnect VPN we can no longer ping devices via names when connecting to any VPN.
After installing Cisco Anyconnect VPN client we can no-longer ping servers/ PC's over DNS ONLY IP address when connected with a standard windows VPN.
To give more background, we have this issue on 2 computers, both on a domain. PC's without the cisco anyconnect client work fine on any VPN, the ones with it does not work on any VPN.
We have removed the Cisco VPN client, same issues - PC's outside of the domain are also fine without the client installed.
To give more background, we have this issue on 2 computers, both on a domain. PC's without the cisco anyconnect client work fine on any VPN, the ones with it does not work on any VPN.
We have removed the Cisco VPN client, same issues - PC's outside of the domain are also fine without the client installed.
ASKER
Hi Noci,
I agree. To clarify, we have tested this across 3 different VPN connections that are currently working as normal on other devices.
OUR internal DNS resolve is fine, it's just the VPN connections. I have tried to disable iPV6 as people have recommended, i've added in the external site's DC's for DNS servers on the VPN but still no luck.
On the same desktop, If I put a new HDD in, re-install my OS, install the anyconnect client & connect to the RRAS VPN. Works no trouble. It's only on these two desktops that I have this issue. I'm just trying to avoid reinstalling my OS again...
I agree. To clarify, we have tested this across 3 different VPN connections that are currently working as normal on other devices.
OUR internal DNS resolve is fine, it's just the VPN connections. I have tried to disable iPV6 as people have recommended, i've added in the external site's DC's for DNS servers on the VPN but still no luck.
On the same desktop, If I put a new HDD in, re-install my OS, install the anyconnect client & connect to the RRAS VPN. Works no trouble. It's only on these two desktops that I have this issue. I'm just trying to avoid reinstalling my OS again...
IPv6 as such should not cause trouble... but may not work until routing for IPv6 (and possibly passing it through VPN's) has been setup correctly as well.
(IPv6 is just IP with a different address layout, in the core it still uses IP packets. (only with the number 6 in the version field)....
Any IPv4 only stack should ignore those.
If you get AAAA records for systems unreachable by IPv6 then there might be timing issues as a IPv6 is used before IPv4.
disabling IPv6 would then only confirm you need to implement IPv6 correctly.
If installing AnyConnect breaks stuff there is something else not done correctly.
I am afraid i have no windows systems to help you further on that path.
(IPv6 is just IP with a different address layout, in the core it still uses IP packets. (only with the number 6 in the version field)....
Any IPv4 only stack should ignore those.
If you get AAAA records for systems unreachable by IPv6 then there might be timing issues as a IPv6 is used before IPv4.
disabling IPv6 would then only confirm you need to implement IPv6 correctly.
If installing AnyConnect breaks stuff there is something else not done correctly.
I am afraid i have no windows systems to help you further on that path.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It might be an idea to setup a correct key there (with all information YOU need) and try to make it readonly..., or something anyconnect cannot overwrite. Machine registry is not something a user can normally update.
ASKER
"Search List" in HKEY_LOCAL_MACHINE\SYSTEM\
If the remote site pushed a DNS server address that has no lookups for your own site's DNS then stuff breaks through Name lookup.
When you run a domain it is a requirement that one of your Domains DNS servers is still available to your systems, otherwise the domain is unreachable.