Problem: ASA VPN issue can't resolve name from local DNS

Feb 10th, 2010



Cisco ASA VPN issue can't resolve name from local DNS


If I connect via LAN I can resolve names from the DNS server normally, but when I connect to the VPN via the internet

Case 1: connect to the VPN using split tunnel, so internal IPs go through the tunnel and internet surfing goes via the local internet [can resolve from the DNS of the connected internet]


C:\>nslookup normanxak.local


*** Can't find server name for address 192.168.1.2: Non-existent domain
*** Can't find server name for address 192.168.1.18: Non-existent domain
Default Server:  dns1.asianet.co.th
Address:  203.144.207.29


*** dns1.asianet.co.th can't find normanxak.local: Non-existent domain


Case 2: connect to the VPN without split tunnel


C:\>nslookup
*** Can't find server name for address 192.168.1.2: Non-existent domain
*** Can't find server name for address 192.168.1.18: Non-existent domain
Default Server:  dns1.asianet.co.th
Address:  203.144.207.29


> normanxak.local
Server:  dns1.asianet.co.th
Address:  203.144.207.29


Name:    normanxak.local
Addresses:  192.168.1.18, 192.168.1.17, 192.168.1.2


Thank you for the best support.

hdashnau Wed, 02/10/2010 - 11:51

In the group-policy you have split-dns set up as "split-dns value 192.168.1.2 192.168.1.18". This is incorrect. The values for the split-dns setting should not be IP addresses -- they need to be the internal domain name that you want to resolve over the tunnel. For example, if I wanted my DNS request for myhost.cisco.com to go over the tunnel and everything else (like xxxx.google.com or xxxx.yahoo.com) to use my normal Internet DNS server, in the group policy I would have "split-dns value cisco.com".


-heather

khahodeka Wed, 02/10/2010 - 12:05

Now I removed "split-dns value 192.168.1.2 192.168.1.18" but I still can't resolve the name...



group-policy BO2VPN internal
group-policy BO2VPN attributes
dns-server value 192.168.1.2 192.168.1.18
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value BO2VPN_splitTunnelAcl

group-policy BO3VPN internal
group-policy BO3VPN attributes
dns-server value 192.168.1.2 192.168.1.18
vpn-tunnel-protocol IPSec


bobby.armstrong Wed, 03/17/2010 - 20:05

khahodeka wrote:


Now I removed "split-dns value 192.168.1.2 192.168.1.18" but I still can't resolve the name...


I don't think he meant for you to remove the statement, but instead replace it with:


"split-dns value domain1.local domain2.local"
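
The check discussed in the replies above, as an added example that is not part of any poster's message or of Cisco's tooling: a small Python linter that reads group-policy blocks and flags split-dns values that are IP addresses, plus split-tunnel policies with no split-dns domain. The sample configuration is constructed from the lines quoted in the thread, and it assumes the one-space indentation that ASA uses for attribute lines.

```python
import ipaddress

# Constructed sample, modeled on the group policies quoted in the thread.
SAMPLE_CONFIG = """\
group-policy BO2VPN internal
group-policy BO2VPN attributes
 dns-server value 192.168.1.2 192.168.1.18
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value BO2VPN_splitTunnelAcl
 split-dns value 192.168.1.2 192.168.1.18
group-policy BO3VPN internal
group-policy BO3VPN attributes
 dns-server value 192.168.1.2 192.168.1.18
"""

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_policies(config):
    """Map policy name -> {attribute: [values]} from 'group-policy X attributes' blocks."""
    policies, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():
            # Unindented line: any new top-level command ends the current block.
            is_attrs = words[0] == "group-policy" and words[-1] == "attributes"
            current = policies.setdefault(words[1], {}) if is_attrs else None
        elif current is not None:
            values = words[2:] if words[1:2] == ["value"] else words[1:]
            current[words[0]] = values
    return policies

def lint(config):
    """Return (policy, issue, offending_values) tuples."""
    findings = []
    for name, attrs in parse_policies(config).items():
        split_dns = attrs.get("split-dns", [])
        ips = [v for v in split_dns if is_ip(v)]
        if ips:  # the mistake identified in the thread
            findings.append((name, "split-dns lists IP addresses, expected domain names", ips))
        domains = [v for v in split_dns if not is_ip(v) and v != "none"]
        if attrs.get("split-tunnel-policy") == ["tunnelspecified"] and not domains:
            findings.append((name, "split tunnel without a split-dns domain", []))
    return findings
```

Calling `lint(SAMPLE_CONFIG)` reports both issues for BO2VPN and nothing for BO3VPN, which does not use split tunneling.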

KimEriksen Wed, 03/17/2010 - 08:11

Hello,


Try setting "asianet.co.th" as the default domain under your VPN policy.



Kim Eriksen

Field Engineer

Infolink ApS
