We have a VPN concentrator 3020 with several 831s connecting to it. I want PCs at each site to resolve our email server's name using our internal DNS servers, not public ones provided by the ISP. I want each 831 to route Internet traffic straight out, not tunnel it to the corporate LAN.
I have configured the 3020 to supply our internal DNS server addresses to the 831s but often the 831s put the public DNS at the top of the list for DHCP clients, thus our email server's name gets resolved to the public address which will not allow Outlook to work.
What can I configure on the 3020 or the 831s to for PCs at the remote sites to resolve that name to the internal address?
on the 3020, you can configure a feature named "split dns". go configuration > user management > groups > client config, the last option.
according to cisco:
Split DNS lets an internal DNS server resolve a list of centrally-defined Local Domain Names, while ISP-assigned DNS servers resolve all other DNS requests. It is used in split-tunneling connections; the internal DNS server resolves the domain names for traffic through the tunnel, and the ISP-assigned DNS servers resolve DNS requests that travel in the clear to the Internet.
The VPN Concentrator does not support split-DNS for Microsoft VPN Clients; however, it does support split DNS for the Cisco VPN Client operating on Microsoft Windows operating systems.
Enter each domain name to be resolved by the internal server. Use commas but no spaces to separate the names.
I tried setting this up, but it didn't seem to work. Is there some config on the 831 req'd to use this? If I use "import all" under the dhcp section on the 831, the DNS servers are listed with the ISP's first, then the internal ones.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :