
DNS at branch offices

I have an HQ site located in the UK and all my main infrastructure is located within this site. At this site I have a VPN 3000 concentrator.

I am thinking of deploying an 878 router at our new branch office in Australia.

Now, since people in Australia will need to access stuff in the UK over the VPN link, I need to give them some sort of DNS. I could either make them use their ISP DNS servers or the DNS servers in the UK.

I think with the latency between Australia/UK, using the DNS servers at the HQ site would not be a smart move; on the other hand, if I use the ISP DNS servers they won't be able to resolve domain.local.

I can't set up a new DNS server in Australia. Is there some way of doing some 'split DNS' where I query the UK for domain.local and use the ISP DNS servers for everything else?

Thanks in advance,

Ben

8 Replies

Farrukh Haroon
VIP Alumni

Yes, split-DNS would be the way to go here. Have a look at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a008015f324.shtml

Please rate helpful posts.

Regards

Farrukh

Thanks for the reply. That example seems to be for a software VPN client. How would this apply to a router running IOS?

Thanks - Ben

It shouldn't matter as long as it's supported. The policies are defined at the EZVPN Server (Concentrator) and not the client.

Regards

Farrukh

OK, great - thanks for clarifying this.

I was reading about EzVPN here: http://www.cisco.com/warp/public/471/vpn_ios_ezvpn.pdf

It seems that I can't do split tunneling. Does this mean that all outbound traffic from the branch office goes via the HQ site where the concentrator is located?

The document seems to be talking about the 'Local LAN Access' feature. Have a look at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00806f34fa.shtml

Regards

Farrukh

Hi again, I thought I would post my progress.

I have got everything working; however, it does seem that you cannot do split-DNS with split tunnels. I haven't tried this without the split tunnels yet. I guess this is a limitation of the software?

I'm not aware of any such limitation; they should work together.

Regards

Farrukh

Hi There,

I'm interested in hearing what solution you ended up using in the end. I'm at much the same point as you were. I have several VPN tunnels from remote locations (Cisco 877s) to a Cisco PIX firewall.

I want queries to our Active Directory domain (abccompany.local) to pass to the local DNS, and all other queries to pass to public DNS servers.

Any examples you could give would be much appreciated.

Thanks,

Kevin
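Added example, not part of the original thread and not Cisco configuration: a Python model of the split-DNS forwarding decision discussed above, showing why zone matching has to happen on whole DNS labels so that look-alike names are not sent over the tunnel and internal names are not sent to the ISP. The zone names come from the posts; the resolver addresses, function names and the fail-closed behaviour when the tunnel is down are assumptions made for illustration.

```python
# Added illustration: models the split-DNS forwarding decision only.
# All addresses are constructed placeholders (RFC 5737 documentation ranges).

INTERNAL_ZONES = {
    "domain.local": ["192.0.2.10"],       # hypothetical HQ DNS server, reached over the VPN
    "abccompany.local": ["192.0.2.20"],   # hypothetical AD DNS server, reached over the VPN
}
PUBLIC_RESOLVERS = ["198.51.100.53"]      # hypothetical ISP resolver


def normalize(name):
    """Lower-case the name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def matching_zone(qname, zones=INTERNAL_ZONES):
    """Return the longest internal zone that qname equals or is a subdomain of."""
    labels = normalize(qname).split(".")
    # Walk from the full name towards the TLD so the most specific zone wins
    # and matching only ever happens on whole labels.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def select_resolvers(qname, tunnel_up=True):
    """Pick the resolvers for qname; internal names never go to the ISP."""
    zone = matching_zone(qname)
    if zone is None:
        return ("public", PUBLIC_RESOLVERS)
    if not tunnel_up:
        # Assumed policy: fail closed, because forwarding an internal name to
        # the ISP resolver would disclose it outside the tunnel.
        return ("refuse", [])
    return ("internal", INTERNAL_ZONES[zone])


def naive_is_internal(qname):
    """Plain string-suffix test, shown only to contrast with matching_zone()."""
    return any(normalize(qname).endswith(z) for z in INTERNAL_ZONES)


if __name__ == "__main__":
    for q in ["dc1.domain.local", "Files.ABCCompany.local.", "www.cisco.com",
              "notdomain.local", "domain.local.example.com"]:
        print(q, select_resolvers(q), "naive:", naive_is_internal(q))
```

The name `notdomain.local` is the case to watch: the plain suffix test treats it as internal, while label-based matching sends it to the public resolver.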
