Hi. Recently, we've seen an increase in complaints re: DNS for clients connecting via VPN to our corporate.
Typical problem is that the user connects via Cisco VPN Client to VPN Conc at Corporate - Key applications are failing. We noticed that in most/all cases - the client is resolving the corporate server to its Public IP address (as their ISP DNS is performing the duty of primary DNS server). Needless to say, we have restricted access to the Public IPs, so the applications are failing for the users.
We tried the Split-DNS option enabled in our lab to see if the name resolution works properly - but in spite of the simple setting configuration, it does not work in the lab either. Users coming to the LAB VPN Conc are still using their ISP DNS servers to resolve the .com domain (which is listed in the Split-DNS setting in the LAB VPN Conc).
I noted a URL in Cisco - and all 3 options to check on the client side are fine. http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K13241644
At a loss - especially, since some of the users are saying these applications worked for them until recently. Yes, I have done my rounds of checking that nothing had changed on the concentrator. I am thinking this is very specific to the client desktop settings. But, no ammunition yet .. SOS ...