
New Member

DNS problem in Anyconnect client

I configured the AnyConnect VPN on the ASA device and I enabled split tunneling with ACE rules to tunnel traffic that matches my INTERNAL and DMZ networks.

I set the DNS server to my ISP's provider.

I can't seem to get any DNS when connected with a client; the only workaround I have is to set my DNS to 8.8.8.8, and then it works.

My goal is to use either the DNS of the client, or send DNS through my ASA and use my internal DNS.

I don't want to put DNS1 as my ISP's, and DNS2 as a public DNS... I find it messy.

I've provided print screens to show my set up with ASDM.

3 REPLIES
Cisco Employee

DNS problem in Anyconnect client

Brendan,

So you don't want your DNS to be tunneled, is that correct?

Mike
New Member

DNS problem in Anyconnect client

Yeah I'm asking 2 things here.  I want to learn how to do this both ways.

First of all, how can I tunnel that DNS request so it hits my ISP's server through my own network?  My ISP's DNS servers are only accessible to people directly on the network, so I assume it needs to be tunnelled and NATed or something like that.

Also, is there a way to set up the VPN so that my client will use its own DNS that it was using prior to connecting to easyvpn?  E.g.: if I was on a cell phone using the cell phone provider's DNS, I want to still use the same DNS and tunnel only my LAN/DMZ traffic.

Thanks.

DNS problem in Anyconnect client

Hi Bro

You'll need to enable the split-dns command available in your Cisco ASA FW. Here's a sample:

group-policy NETWORK_ADMIN attributes
 dns-server value 10.10.10.4 202.188.1.5
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ACL_NETWORK_ADMIN
 default-domain value cisco.com
 split-dns value cisco.com

P/S: If you think this comment is helpful, please do rate them nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
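
A check of the sample above, added here as an example and not part of the original reply or of any Cisco tool: it reports, for each dns-server in a group-policy, whether that address falls inside the split-tunnel network list. The access-list line is constructed (the thread does not show the ACL), and the script assumes that under tunnelspecified only destinations in that list travel through the tunnel.

```python
import ipaddress

# Group-policy lines are the ones posted in the reply; the access-list line
# is constructed for this example and is an assumption about the ACL content.
SAMPLE_CONFIG = """\
access-list ACL_NETWORK_ADMIN standard permit 10.10.10.0 255.255.255.0
group-policy NETWORK_ADMIN attributes
 dns-server value 10.10.10.4 202.188.1.5
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ACL_NETWORK_ADMIN
 default-domain value cisco.com
 split-dns value cisco.com
"""

def parse(config):
    """Collect standard-ACL networks and the attributes of each group-policy."""
    acls, policies, current = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():
            current = None  # a top-level command ends any group-policy block
        if words[0] == "access-list" and words[2:4] == ["standard", "permit"]:
            # Handles "permit <network> <mask>" and "permit host <address>".
            target = words[5] if words[4] == "host" else f"{words[4]}/{words[5]}"
            acls.setdefault(words[1], []).append(ipaddress.ip_network(target))
        elif words[0] == "group-policy" and words[-1] == "attributes":
            current = policies.setdefault(words[1], {})
        elif current is not None:
            # "dns-server value a b" -> ["a", "b"]; "split-tunnel-policy x" -> ["x"]
            current[words[0]] = words[2:] if words[1:2] == ["value"] else words[1:]
    return acls, policies

def dns_paths(config, policy_name):
    """Map each pushed DNS server to 'tunnel' or 'direct' (outside the VPN)."""
    acls, policies = parse(config)
    policy = policies[policy_name]
    if policy.get("split-tunnel-policy") != ["tunnelspecified"]:
        raise ValueError("only split-tunnel-policy tunnelspecified is modelled")
    networks = acls[policy["split-tunnel-network-list"][0]]
    return {
        server: "tunnel" if any(ipaddress.ip_address(server) in n for n in networks) else "direct"
        for server in policy.get("dns-server", [])
    }

if __name__ == "__main__":
    for server, path in dns_paths(SAMPLE_CONFIG, "NETWORK_ADMIN").items():
        print(f"{server}: {path}")
```

Under that assumption, a server reported as direct is queried from the client's own network rather than through the ASA, which matters when the resolver only answers clients on its own network, as the original poster describes for the ISP's servers.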