Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 6.2(2) and Split-DNS

We are running a PIX 515 v6.2(2) with Cisco VPN Client 3.5.2C. I was very glad to find a new feature called split-dns.

I tried to implement it similar to checkpoint's split dns but without any success.

Since that feature is very helpful but nearly not documented, does anybody know details about the PIX/Client behaviour or how to successfully implement this feature.

4 REPLIES
Cisco Employee

Re: PIX 6.2(2) and Split-DNS

Split DNS is not going to be implemented in the VPN client until v3.6, and even then it will probably only be a client-to-concentrator feature, not a client-to-PIX for a while.

Where are you seeing the split-DNS function? If you're referring to being able to push down a DNS server to the VPN client from the PIX, that's not really split-DNS. Once this DNS server is pushed down, ALL DNS requests from the PC will go to that DNS server from then on.

The domain name that is also pushed down to the client from the PIX is merely the default domain name, so that if a user tries to connect to a hostname, that domain name will be appended to it. Again though, all DNS queries to any domain will still be done to the DNS server that is pushed down.

New Member

Re: PIX 6.2(2) and Split-DNS

Glenn,

take a look at the documentation ("vpngroup group_name split-dns") - I do not talk about the simple/basic configuration....!

Manfred.

Cisco Employee

Re: PIX 6.2(2) and Split-DNS

Hmmm, correct. It is in the PIX, but still not in the VPN client until v3.6. Split DNS needs to be passed down from the PIX, but it's still a client feature to say that if you're pinging such and such a domain then use this DNS, but if you're pinging this other domain, use that DNS. Similar to the way split tunnelling works, it needs both sides to include the feature, and currently, split-DNS is not in the client.

New Member

Re: PIX 6.2(2) and Split-DNS

What's the release schedule for 3.6? Is there any beta client available?

146
Views
0
Helpful
4
Replies
CreatePlease to create content