split DNS on ASA 5510 remote access vpn not working

Answered Question

I'm successfully connecting to the tunnel and can ping hosts remotely by IP, but I am unable to browse the internet from the VPN client. Also, host name resolution on the remote end is not working; I can only connect via IP address. Ideas? Thanks again!



Correct Answer by hdashnau about 7 years 5 months ago

hdashnau Thu, 11/05/2009 - 10:30
User Badges:
  • Cisco Employee,

Your PTRAS group-policy has the correct split tunneling and split dns settings. But I think you are being assigned the DfltGrpPolicy rather than your PTRAS group-policy because the group-policy is not set in your tunnel group nor being passed from authentication.


Do a "show vpn-sessiondb remote" to confirm which group policy is being assigned. To fix it, assign your PTRAS group policy to your tunnel group as follows:

tunnel-group <tunnel-group-name> general-attributes
 default-group-policy PTRAS



-heather
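
An offline check for the misconfiguration described in the answer above, as an added example that is not part of the original thread: it reads a saved running-config and reports remote-access tunnel groups that have no default-group-policy, plus any split-tunnel or split-DNS setting missing from the policy they end up with. The sample config and the names RA-USERS, SPLIT_ACL and VPNPOOL are constructed; a policy passed from authentication is not visible in the config and is not checked.

```python
# Constructed sample config: RA-USERS, SPLIT_ACL, VPNPOOL, the DNS server and
# the domain are placeholders; only the PTRAS policy name comes from the thread.
SAMPLE_BEFORE = """\
group-policy PTRAS internal
group-policy PTRAS attributes
 dns-server value 192.0.2.53
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
 split-dns value corp.example
tunnel-group RA-USERS type remote-access
tunnel-group RA-USERS general-attributes
 address-pool VPNPOOL
"""
SAMPLE_AFTER = SAMPLE_BEFORE + " default-group-policy PTRAS\n"
REQUIRED = ("split-tunnel-policy", "split-tunnel-network-list", "split-dns")

def parse_blocks(config):
    """Map each top-level line to the indented sub-commands beneath it."""
    blocks, current = {}, None
    for line in filter(str.strip, config.splitlines()):  # skip blank lines
        if line[0] == " " and current is not None:
            blocks[current].append(line.strip())
        elif line[0] != " ":
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks

def audit(config):
    """Return {tunnel_group: (policy_from_config, findings)} for remote-access groups."""
    blocks, results = parse_blocks(config), {}
    for header in blocks:
        words = header.split()
        if len(words) != 4 or words[0] != "tunnel-group" or words[2:] != ["type", "remote-access"]:
            continue
        general = blocks.get(f"tunnel-group {words[1]} general-attributes", [])
        policy = next((c.split()[1] for c in general
                       if c.startswith("default-group-policy ")), "DfltGrpPolicy")
        findings = []
        if policy == "DfltGrpPolicy":
            findings.append("no default-group-policy; DfltGrpPolicy applies")
        attrs = blocks.get(f"group-policy {policy} attributes", [])
        findings += [f"{policy} lacks {k}" for k in REQUIRED
                     if not any(c.startswith(k + " ") for c in attrs)]
        results[words[1]] = (policy, findings)
    return results

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(cfg))
```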
