Push a DNS Suffix Search List for a IPSEC Client on ASA 8.3

Unanswered Question
Jul 15th, 2010

Hi all,

Is there a way to push a DNS Suffix Search List for IPSEC Clients on ASA 8.3 so that if I ping a hostname it will search multiple domain names in the DNS? For example, if i ping myhost and the DNS Suffix Search List contains mydomain1.com and ny.mydomain.com, it would look for



So far only the default domain enters the list.

I tried split-dns, but none of the domains I configured enters the list... I am using tunnel-all option...


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
wbarboza Tue, 07/27/2010 - 12:32

I have found the answer. But I had to use an ACS for doing that. It was just by using VPN 3000 Radius attribute CVPN3000-IPSec-Default-Domain and then, assigning all of the domain names separated by commas (,) like: cisco.com,sj.cisco.com,nc.cisco.com. ASA doesn`t accept commas...

That`s it...


This Discussion