We have an ASA5510 with Windows VPN Clients (current stable version) connecting to it. I set up split DNS to force the clients to look up the internal domains with the nameserver on our network.
Split DNS Config as follows:
group-policy VPN attributes
dns-server value 192.168.0.196
split-tunnel-network-list value VPN_splitTunnelAcl
default-domain value myinternaldomain.de
split-dns value myinternaldomain.de myinternaldomain2.de
Now, when the clients run nslookup after connecting (on Windows XP), the internal names are looked up in no time.
When a public name like google.de is being looked up, nslookup runs into a timeout like this and finally answers the query:
DNS request timed out.
timeout was 2 seconds.
Nicht autorisierte Antwort:
Addresses: 184.108.40.206, 220.127.116.11, 18.104.22.168
The tunnel traffic policy is simple:
access-list VPN_splitTunnelAcl standard permit our_main_private_net 255.255.255.0
access-list VPN_splitTunnelAcl standard permit some_other_private_net_in_10_classA 255.128.0.0
Using the MacOS Cisco VPN client, the problem doesn't exist!
The setup has been tested on all different kinds of networks: wireless, DSL, anything. The issue is not limited to one computer only.
Thanks for your help.