02-17-2012 07:49 AM
Our employees use a Cisco IPsec client to connect to our 5520 for VPN connectivity. This system has been up and working for 3 years. Now we're getting intermittent DNS issues reported. When an employee connects from home, sometimes the employee's computer will use their ISP's DNS servers instead of our internal DNS servers that are listed in the group profile. This does not happen every time. Are ISPs starting to do something that is affecting the way DNS works over VPN? Please help.
02-17-2012 08:12 AM
Hi Randy,
Not that I am aware of from the ISP's point of view. Did you try reinstalling the client on the clients with issues? The VPN adapter DNS should take priority.
Thx
MS
02-17-2012 11:27 AM
Yes, we've tried different clients, both Cisco and third party, with the same result.
02-17-2012 11:28 AM
If no split DNS domains are specified, then only the VPN DNS server should be used. Does this affect all users or just one?
02-17-2012 11:37 AM
It affects some users, not all. It's very difficult to recreate. Split tunneling is enabled, and a default domain is specified. I'm not sure about the split DNS domains. Where is that configured in the ASDM?
02-17-2012 11:42 AM
This is the group policy:
group-policy xxxxx attributes
 wins-server value 10.20.16.5 10.20.16.6
 dns-server value 10.20.16.3 10.20.16.4
 vpn-tunnel-protocol IPSec l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value xxxxx_splitTunnelAcl_2
 default-domain value xxxxxx.com
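
Added example (not part of the thread and not any poster's code): a small Python check that reads `group-policy ... attributes` blocks in the format posted above and reports, per policy, the split-tunnel mode, the pushed DNS servers, and whether a `split-dns` line is present. The sample text holds the DNS-relevant lines of the posted policy plus a hypothetical second policy; the function names and the `corp.example` domains are assumptions.

```python
import re

# Constructed sample: posted policy (DNS-relevant lines) plus hypothetical "example-policy-b".
SAMPLE = """\
group-policy xxxxx attributes
 dns-server value 10.20.16.3 10.20.16.4
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value xxxxx_splitTunnelAcl_2
 default-domain value xxxxxx.com
group-policy example-policy-b attributes
 dns-server value 10.20.16.3
 split-tunnel-policy tunnelspecified
 split-dns value corp.example internal.example
"""

HEADER = re.compile(r"^group-policy\s+(\S+)\s+attributes\s*$")


def parse_group_policies(text):
    """Return {policy_name: {keyword: [args...]}} from group-policy config text."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = policies.setdefault(m.group(1), {})
        elif line.startswith("group-policy"):
            current = None  # e.g. "group-policy NAME internal" opens no block
        elif line and current is not None:
            keyword, *args = line.split()
            if args[:1] == ["value"]:  # drop the literal "value" token
                args = args[1:]
            current[keyword] = args
    return policies


def dns_summary(attrs):
    """Summarise the DNS-related settings of one parsed policy."""
    split_dns = attrs.get("split-dns", [])
    return {
        "split_tunnel": (attrs.get("split-tunnel-policy") or ["(not set here)"])[0],
        "dns_servers": attrs.get("dns-server", []),
        "split_dns_domains": [] if split_dns == ["none"] else split_dns,
    }


if __name__ == "__main__":
    for name, attrs in parse_group_policies(SAMPLE).items():
        print(name, dns_summary(attrs))
```

On the ASA, the text to feed in is the output of `show running-config group-policy`.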