Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

hhm
New Member

Problems with VPN client 4.0 for Windows and DNS

Hi

I’m having a problem with the new VPN client ver. 4.0.

I have a test-environment where I have a VPN3005 concentrator with ver. 4.0 software.

When I connect to this concentrator from a W2k PC using the new ver 4.0 client software the concentrator applies it’s domain name to the client which is OK.

After disconnecting from the concentrator DNS queries to the central DNS-server fails when the query is for an external domain e.g. www.cisco.com.

The cause of this is that the VPN client software doesn’t reestablish my original DNS settings which are : Apply primary and connectionspecific suffixes.

I hope there is a quick fix for this problem

Hans-Henrik

  • Other Security Subjects
4 REPLIES
Bronze

Re: Problems with VPN client 4.0 for Windows and DNS

Did you check the bug tool kit or the release notes for known issues??

New Member

Re: Problems with VPN client 4.0 for Windows and DNS

Cisco Bug ID CSCea93394.. Says its resolved, but its there is no "Fixed in" version number, so I am guessing that means next release...

Release Notes

This is specific to windows version of 4.0 VPN Client. This should not

occur on non-windows platforms or earlier versions of the VPN Client.

When a tunnel is established, the head-end could send a DNS domain to

be used by the client by mode cfg. The VPN Client makes the changes to

the system to use the DNS suffix pushed by the head-end. This is working

fine without any problems. But when the tunnel is disconnected, we don't

undo the DNS suffix change that was made at tunnel connection time.

Example of this problem:

1. Lets say fully qualified hostname is mymachine.mynet.com. Thus the

DNS suffix is mynet.com

2. Using command shell, ping some computer e.g. "ping someComputer"

3. If you use sniffer, the request would go out as someComputer.mynet.com

i.e. the OS would append the DNS suffix to the hostname.

4. Then tunnel is established, and "cisco.com" is pushed by the head-end.

5. Execute the ping command in step 2, and the request that goes out on

wire would be someComputer.cisco.com. This is the expected behavior

6. Disconnect the tunnel

7. Execute the ping command in step 2. The request that goes on the wire

would be someComputer.cisco.com. This is not the expected behavior. It should

be someComputer.mynet.com.

How to verify if you are running into this problem?

If you go to Network Connections > Adapter Properties > Internet Protocol

(TCP/IP) > Properties > Advanced button > DNS tab. This property page

gives more information about the DNS suffix used. You can view the properties

before tunnel establishment, and after the tunnel establishment, and then

at disconnect to see the bug.

You can also see the tunnel suffix used by using the "ipconfig -all" command.

hhm
New Member

Re: Problems with VPN client 4.0 for Windows and DNS

Thanks let's hope for a quick fix to this problem. The GUI to the new client is a big improvement to the old one.

New Member

Re: Problems with VPN client 4.0 for Windows and DNS

VPN Client v4.0.1 has just been posted and lists the DNS suffix issue, CSCea93394, under: Caveats Resolved in Release 4.0.1

at:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel401/401_clnt.htm#1253239

97
Views
3
Helpful
4
Replies
This widget could not be displayed.