ASA - VPN Domain Name not given to clients

Unanswered Question
Feb 4th, 2008

I am setting up a new ASA 5510 with v8 software. I have L2TP-IPSec clients using the Microsoft Client to connect. Once connected, the client receives an IP, DNS server and WINS servers, but the Domain Name for the "Connection Specific DNS Suffix" is blank. How can I get the clients to pick up the DNS suffix?

Also when I do an nslookup hostname, the response is coming from the DNS servers attached to my LAN Adapter, not the VPN Adapter.




group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value
 dns-server value
 vpn-tunnel-protocol IPSec l2tp-ipsec
 ip-comp enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
 intercept-dhcp enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol l2tp-ipsec webvpn
 default-domain value
tunnel-group DefaultRAGroup general-attributes
 address-pool DHCPRange2
 authentication-server-group RaidiusServers
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
 isakmp keepalive disable
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2

didyap Fri, 02/08/2008 - 13:59

One thing you may try on the ASA is to set the 2nd and 3rd DNS server to the same as the first one. If you are running a split tunnel the requests could go to the ISP's DNS servers. Another thing to try, for troubleshooting, would be to do a dedicated connection (no split tunnel) and see if that helps clear up any of the problems.

michael-ham Wed, 02/27/2008 - 10:55

I wasn't able to get the L2TP setup to work as I expected. It seems to me that, while it is supported, the implementation of all the features is not as robust as just using the Cisco client. I had been using Microsoft RAS' implementation of L2TP and it worked great, but I wanted to get away from the server requirement. I was never able to get a Vista L2TP client to connect to the Cisco ASA.

I'm switching over to Cisco client with just IPSec.

