Remote-Access_vpn

pranuvpandit
Level 1

I have configured remote access VPN on an ASA5510. VPN clients are able to connect to the internal network and they can ping local LAN computers, but I am not able to assign the DNS address of the local subnet to the VPN clients. Please suggest what needs to be configured on the ASA.

1 Accepted Solution

acomiskey
Level 10

group-policy internal

group-policy attributes

dns-server value


Thanks, bro... it works.

I did this setting and when my users connect to the VPN the IPConfig /all shows the dns servers and they can do an NSlookup and the dns returns the correct value. But when they try to ping or browse to the destination by name this fails.

It was working for about an hour and then just stopped working. I have this in my config.

group-policy default internal

group-policy default attributes

wins-server value 10.1.1.25 10.1.1.21

dns-server value 10.1.1.25 10.1.1.21

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value default_splitTunnelAcl

default-domain value legalplans.com

Are you able to ping by using the IP address?

Yeah, I can ping by IP to all the networks. I added the line: Split-DNS legalplans.com

I think it takes a few minutes for the DNS to start working to the client. I can't ping within the first minute of connecting, but if I stay connected long enough it seems to work. (sometimes)

Ever heard of this issue?

Is this problem being faced by the VPN users only, or by everybody on the local LAN?

VPN users only. Works fine on the LAN.

The DNS server is able to resolve the name, right? But after that it is not pinging that particular IP!

Are LAN users accessing the internet through the firewall? If yes, share the commands you configured for NAT or PAT.

Thanks

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 10 0.0.0.0 0.0.0.0

nat (dmz) 0 access-list dmz_outbound_nat0_acl

nat (dmz) 10 0.0.0.0 0.0.0.0

You are not using any NAT ID for the given subnets. And which statements are you using for providing internet connectivity? These statements are for NAT exemption, I assume.

Secondly, is your DNS server resolving the DNS names to IP addresses for VPN users?

The NAT statements let the traffic to the internal and DMZ networks and to the Internet on PAT. Then I have route statements for the VPN network that route it too.

All of the routing works fine. The VPN users can do an nslookup and the DNS server responds, but when doing a ping by name there is no response. Again, by IP to these same computers ping works fine.

Not sure what the issue is.

If possible, can you paste your run-config here?
