Our organisation is having an issue with remote access IPsec VPNs from iPhones to an ASA firewall. Currently we are able to initiate a VPN and get IP connectivity through the VPN. However, we are unable to resolve DNS using the internal DNS servers. We need this so we can resolve intranet.companyname.local.
I have seen posts in forums mentioning the following, but I have been unable to confirm them:
- Apple reserve .local so anything on this domain won't resolve
- Internal DNS won't work on the iPhone Cisco VPN client
- There is a bug in version 4 with the Cisco VPN
While troubleshooting, I turned on split tunneling and split DNS, and I can browse to the internet while this is enabled but not to internal sites.
The DNS servers are pingable from the iPhone; it just seems it does not use the internal DNS servers even though they are in the group policy.
group-policy iPhone attributes
 dns-server value 10.x.x.x 10x.x.x
 default-domain value companyname.local
 split-dns value companyname.local
- iPhone3 version 4.X
- ASA 5520 running 8.2(1)
We would like to tunnel everything (no split tunneling) and resolve DNS from our internal servers once the VPN is enabled from the iPhone. This way we can browse to our internal servers. Any suggestions/answers or similar issues?