Hi, I am unable to get my 891 router connected by EZVPN to an ASA to resolve DNS querys to the corporate DNS server.
It appears that the DNS queries are not being placed into the tunnel, but instead are using the outside address of the routers.
This leads me to believe that the command domain name-server interface vlan1 is not working.
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
crypto ipsec client ezvpn xxxxxASA
description Home Network Inside
ip address 172.17.64.1 255.255.255.0
ip tcp adjust-mss 1452
crypto ipsec client ezvpn xxxxxASA inside
ip dns view default
domain name x.y.on.ca
domain name-server 220.127.116.11
domain name-server interface Vlan1
ip dns server
I can see by looking at the crypto map nothing is being encapsulated as a result of a name query.
It should be going into this crypto map
protected vrf: (none)
local ident (addr/mask/prot/port): (172.17.64.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (18.104.22.168/255.255.255.0/0/0)
but the count remains as below
#pkts encaps: 25, #pkts encrypt: 25, #pkts digest: 25
#pkts decaps: 25, #pkts decrypt: 25, #pkts verify: 25
with no other counter incrementing.
A ping or telnet from a device on 172.17.64.0 works fine and causes those counters to increment so the tunnel is working.
I can even ping from the router using the source opton on the ping command.
Once in all my attempts to troubleshoot I got the name query to use the tunnel.
Any help is greatly appreciated.
I even tried
ip domain lookup source-interface Vlan1
but that does not work either.
Code is 15.2(4)M6.
debug ip packet 100 that permits 22.214.171.124 in both directions shows the packet going out from the Gi0 ip address.