Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remote-Access_vpn

I have configured Remote access VPN on ASA5510. VPN clients are able to connect to the internal network and they can ping local Lan computers but I am not able to assign the DNS address of the local Subnet to the VPN Clients. Please suggest what needs to be configured on the ASA.

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: Remote-Access_vpn

group-policy internal

group-policy attributes

dns-server value

12 REPLIES
Green

Re: Remote-Access_vpn

group-policy internal

group-policy attributes

dns-server value

New Member

Re: Remote-Access_vpn

Thanx Bro...it works.

New Member

Re: Remote-Access_vpn

I did this setting and when my users connect to the VPN the IPConfig /all shows the dns servers and they can do an NSlookup and the dns returns the correct value. But when they try to ping or browse to the destination by name this fails.

It was working for about an hour and then just stopped working. I have this in my config.

group-policy default internal

group-policy default attributes

wins-server value 10.1.1.25 10.1.1.21

dns-server value 10.1.1.25 10.1.1.21

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value default_splitTunnelAcl

default-domain value legalplans.com

New Member

Re: Remote-Access_vpn

Are you able to ping by using IP address.

New Member

Re: Remote-Access_vpn

yea I can ping by IP to all the networks. I added the line. Split-DNS legalplans.com

I think it takes a few minutes for the dns to start working to the client. I cant ping within the first minute of connecting but if I stay connected long enough it seems to work. (sometimes)

Ever heard of this issue?

New Member

Re: Remote-Access_vpn

this problem is being faced by the VPN users only or everybodu in the LOCAL LAN.

New Member

Re: Remote-Access_vpn

VPN users only. Works fine on the LAN

New Member

Re: Remote-Access_vpn

DNS- Server is able to resolve the name.Right? But after that it is not pinging that particular IP!

LAN users are accessing the internet through Firewaal. If yes....share the commands you configured for NAT or PAT.

Thanx

New Member

Re: Remote-Access_vpn

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 10 0.0.0.0 0.0.0.0

nat (dmz) 0 access-list dmz_outbound_nat0_acl

nat (dmz) 10 0.0.0.0 0.0.0.0

New Member

Re: Remote-Access_vpn

you are not using any NAT id for the given subnets. And which statements you are using for providing internet connectivity. these statements are for Nat_exemption, I assume.

2ndly is your DNS server is resolving the DNS names to ip addresses for VPN users?

New Member

Re: Remote-Access_vpn

The NAT statements let the traffic to the internal and DMZ networks and to the Internet on PAT. THen I have route statements for the VPN network that route it too.

ALl of the routing works fine. The VPN users can do a nslookup and the DNS server responds but when doing a ping by name their is no response. Again by IP to these same computers ping works fine.

Not sure what the issue is.

New Member

Re: Remote-Access_vpn

IF possible can you paste your run-config here.?

211
Views
5
Helpful
12
Replies