07-15-2008 12:22 AM - edited 02-21-2020 02:55 AM
I have a HQ site located in the UK and all my main infrastructure is located within this site. At this site I have a VPN 3000 concentrator.
I am thinking of deploying an 878 router at our new branch office in Australia.
Now, since people in Australia will need to access stuff in the UK over the VPN link, I need to give them some sort of DNS. I could either make them use their ISP DNS servers or the DNS servers in the UK.
I think, with the latency between Australia/UK, using the DNS servers at the HQ site would not be a smart move. On the other hand, if I use the ISP DNS servers they won't be able to resolve domain.local.
I can't set up a new DNS server in Australia. Is there some way of doing some 'split DNS' where I query the UK for domain.local and use the ISP DNS servers for everything else?
Thanks in advance,
Ben
07-15-2008 06:04 AM
Yes, split-DNS would be the way to go here. Have a look at:
Please rate helpful posts.
Regards
Farrukh
07-15-2008 06:29 AM
Thanks for the reply. That example seems to be for a software VPN client. How would this apply to a router running IOS?
Thanks - Ben
07-15-2008 08:42 AM
It shouldn't matter as long as it's supported. The policies are defined at the EZVPN Server (Concentrator) and not the client.
Regards
Farrukh
07-16-2008 02:14 AM
OK, great - thanks for clarifying this.
I was reading about EZVPN here: http://www.cisco.com/warp/public/471/vpn_ios_ezvpn.pdf
It seems that I can't do split tunneling. Does this mean that all outbound traffic from the branch office goes via the HQ site where the concentrator is located?
07-16-2008 05:19 AM
The document seems to be talking about the 'Local LAN Access' feature. Have a look at:
Regards
Farrukh
07-21-2008 02:14 AM
Hi again, I thought I would post my progress.
I have got everything working; however, it does seem that you cannot do split-DNS with split tunnels. I haven't tried this without the split tunnels yet. I guess this is a limitation of the software?
07-21-2008 06:02 AM
I'm not aware of any such limitation; they should work together.
Regards
Farrukh
02-17-2009 12:50 AM
Hi There,
I'm interested in hearing what solution you ended up using in the end. I'm at much the same point as you were. I have several VPN tunnels from remote locations (Cisco 877s) to a Cisco PIX firewall.
I want queries to our Active Directory domain (abccompany.local) to pass to the local DNS, and all other queries to pass to public DNS servers.
Any examples you could give would be much appreciated.
Thanks,
Kevin