Is it possible to have multiple domain suffixes passed to Cisco VPN clients from an ASA VPN head? default-domain in the group policy adds our domain correctly to the search order, but we have multiple domains we need added. If we connect, then manually add the desired suffix to the search list, we can successfully ping/navigate by UNC shortname (host1 instead of host1.abc.local). We'd really like that not to be the method, though, as you can imagine.
you can enable is split tunnel configuration and split DNS names under
Configuration | User Management | Groups | Modify
Split Tunneling Policy
*Only tunnel networks in the list
*Split Tunneling Network List
Split DNS Names
Enter the set of domains, separated by commas without spaces, to be resolved through the Split Tunnel. The Default Domain Name must be explicitly included in Split DNS Names list if it is to be resolved through the tunnel.
Split DNS lets an internal DNS server resolve a list of centrally-defined Local Domain Names, while ISP-assigned DNS servers resolve all other DNS requests. It is used in split-tunneling connections; the internal DNS server resolves the domain names for traffic through the tunnel, and the ISP-assigned DNS servers resolve DNS requests that travel in the clear to the Internet.
The VPN Concentrator does not support split-DNS for Microsoft VPN Clients; however, it does support split DNS for the Cisco VPN Client operating on Microsoft Windows operating systems.
Actually the DNS list in Split Tunneling is not used as a suffix search list. It is only for the decision to search through the tunnel or outside the tunnel, but you still need to use the FQDN in the search. It doesn't resolve when you search only by a hostname which belongs to another domain than the default domain name. I still haven't found a solution for this, unfortunately.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...