09-11-2008 12:22 PM - edited 03-11-2019 06:43 AM
I have configured remote access VPN on an ASA5510. VPN clients are able to connect to the internal network and they can ping local LAN computers, but I am not able to assign the DNS address of the local subnet to the VPN clients. Please suggest what needs to be configured on the ASA.
09-11-2008 12:30 PM
group-policy
group-policy
dns-server value
09-12-2008 07:10 AM
Thanks, bro... it works.
10-09-2008 12:17 PM
I did this setting and when my users connect to the VPN the IPConfig /all shows the dns servers and they can do an NSlookup and the dns returns the correct value. But when they try to ping or browse to the destination by name this fails.
It was working for about an hour and then just stopped working. I have this in my config.
group-policy default internal
group-policy default attributes
wins-server value 10.1.1.25 10.1.1.21
dns-server value 10.1.1.25 10.1.1.21
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value default_splitTunnelAcl
default-domain value legalplans.com
10-10-2008 07:33 AM
Are you able to ping by using the IP address?
10-10-2008 09:09 AM
Yeah, I can ping by IP to all the networks. I added the line: Split-DNS legalplans.com
I think it takes a few minutes for the DNS to start working to the client. I can't ping within the first minute of connecting, but if I stay connected long enough it seems to work (sometimes).
Ever heard of this issue?
10-10-2008 10:54 AM
Is this problem being faced by the VPN users only, or by everybody on the local LAN?
10-10-2008 11:13 AM
VPN users only. Works fine on the LAN.
10-10-2008 11:19 AM
The DNS server is able to resolve the name, right? But after that it is not pinging that particular IP!
Are LAN users accessing the internet through the firewall? If yes, share the commands you configured for NAT or PAT.
Thanks
10-13-2008 07:33 AM
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0
nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (dmz) 10 0.0.0.0 0.0.0.0
10-13-2008 09:29 AM
You are not using any NAT ID for the given subnets. And which statements are you using for providing internet connectivity? These statements are for NAT exemption, I assume.
Secondly, is your DNS server resolving the DNS names to IP addresses for VPN users?
10-13-2008 10:25 AM
The NAT statements let the traffic to the internal and DMZ networks and to the Internet on PAT. Then I have route statements for the VPN network that route it too.
All of the routing works fine. The VPN users can do an nslookup and the DNS server responds, but when doing a ping by name there is no response. Again, by IP to these same computers ping works fine.
Not sure what the issue is.
10-13-2008 10:45 AM
If possible, can you paste your run-config here?
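Added example, not part of any post in this thread and not Cisco code: a small Python check that parses group-policy blocks and lists DNS-related gaps (`dns-server`, `split-dns`, `default-domain`). The function names are hypothetical, the sample input is the policy block quoted earlier in the thread, and the parser assumes its input contains only group-policy sections.

```python
# Constructed input: the group-policy block quoted in the thread.
THREAD_POLICY = """\
group-policy default internal
group-policy default attributes
wins-server value 10.1.1.25 10.1.1.21
dns-server value 10.1.1.25 10.1.1.21
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value default_splitTunnelAcl
default-domain value legalplans.com
"""

def parse_group_policies(text):
    """Return {policy name: {attribute: [values]}}.
    Assumes the text holds only group-policy blocks (hypothetical helper)."""
    policies, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "group-policy" and len(words) >= 3:
            # "internal" and "attributes" lines share one entry per name
            current = policies.setdefault(words[1], {})
        elif current is not None and len(words) >= 2:
            # Both "attr value v1 v2" and "attr v1" forms occur
            values = words[2:] if words[1] == "value" else words[1:]
            current[words[0]] = [v for v in values if v != "none"]
    return policies

def review_dns(attrs):
    """List DNS-related gaps in one policy's attributes."""
    findings = []
    if not attrs.get("dns-server"):
        findings.append("dns-server: no server set in this policy")
    # When the line is absent the ASA default is tunnelall
    mode = attrs.get("split-tunnel-policy", ["tunnelall"])[0]
    if mode != "tunnelall" and not attrs.get("split-dns"):
        findings.append("split-dns: split tunneling on, no domains listed")
    if not attrs.get("default-domain"):
        findings.append("default-domain: no DNS suffix set in this policy")
    return findings

def review_config(text):
    """Map each policy name to its list of findings."""
    return {n: review_dns(a) for n, a in parse_group_policies(text).items()}

if __name__ == "__main__":
    for name, findings in review_config(THREAD_POLICY).items():
        print(name, findings or "no DNS findings")
```

A policy that inherits these attributes from another group policy will be reported as missing them, since inheritance is not modelled here.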