Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5454
Views
5
Helpful
2
Replies

Multiple domain suffixes for VPN clients

tonycody
Level 1
Level 1

‎03-05-2008 12:18 PM - edited ‎02-21-2020 03:36 PM

Is it possible to have multiple domain suffixes passed to Cisco VPN clients from an ASA VPN head? default-domain in the group policy adds our domain correctly to the search order, but we have multiple domains we need added. If we connect, then manually add the desired suffix to the search list, we can successfully ping/navigate by UNC shortname (host1 instead of host1.abc.local). We'd really like that not to be the method, though, as you can imagine.

Thanks for any assistance!

Labels:
0 Helpful
2 Replies 2

bwilmoth
Level 5
Level 5

‎03-11-2008 11:34 AM

you can enable is split tunnel configuration and split DNS names under

Configuration | User Management | Groups | Modify

Split Tunneling Policy

*Only tunnel networks in the list

*Split Tunneling Network List

Split DNS Names

Enter the set of domains, separated by commas without spaces, to be resolved through the Split Tunnel. The Default Domain Name must be explicitly included in Split DNS Names list if it is to be resolved through the tunnel.

Split DNS lets an internal DNS server resolve a list of centrally-defined Local Domain Names, while ISP-assigned DNS servers resolve all other DNS requests. It is used in split-tunneling connections; the internal DNS server resolves the domain names for traffic through the tunnel, and the ISP-assigned DNS servers resolve DNS requests that travel in the clear to the Internet.

The VPN Concentrator does not support split-DNS for Microsoft VPN Clients; however, it does support split DNS for the Cisco VPN Client operating on Microsoft Windows operating systems.

torex-hiscom
Level 1
Level 1
In response to bwilmoth

‎12-21-2010 05:48 AM

Actually the DNS list in Split Tunneling is not used as a suffix search list. It is only for the decision to search through the tunnel or outside the tunnel, but you still need to use the FQDN in the search. It doesn't resolve when you search only by a hostname which belongs to another domain than the default domain name. I still haven't found a solution for this, unfortunately.

Regards,

Albert Bruggeman

Sr.Technical Consultant

iSOFT

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents