Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problems with VPN client 4.0 for Windows and DNS


I’m having a problem with the new VPN client ver. 4.0.

I have a test-environment where I have a VPN3005 concentrator with ver. 4.0 software.

When I connect to this concentrator from a W2k PC using the new ver 4.0 client software the concentrator applies it’s domain name to the client which is OK.

After disconnecting from the concentrator DNS queries to the central DNS-server fails when the query is for an external domain e.g.

The cause of this is that the VPN client software doesn’t reestablish my original DNS settings which are : Apply primary and connectionspecific suffixes.

I hope there is a quick fix for this problem


  • Other Security Subjects

Re: Problems with VPN client 4.0 for Windows and DNS

Did you check the bug tool kit or the release notes for known issues??

New Member

Re: Problems with VPN client 4.0 for Windows and DNS

Cisco Bug ID CSCea93394.. Says its resolved, but its there is no "Fixed in" version number, so I am guessing that means next release...

Release Notes

This is specific to windows version of 4.0 VPN Client. This should not

occur on non-windows platforms or earlier versions of the VPN Client.

When a tunnel is established, the head-end could send a DNS domain to

be used by the client by mode cfg. The VPN Client makes the changes to

the system to use the DNS suffix pushed by the head-end. This is working

fine without any problems. But when the tunnel is disconnected, we don't

undo the DNS suffix change that was made at tunnel connection time.

Example of this problem:

1. Lets say fully qualified hostname is Thus the

DNS suffix is

2. Using command shell, ping some computer e.g. "ping someComputer"

3. If you use sniffer, the request would go out as

i.e. the OS would append the DNS suffix to the hostname.

4. Then tunnel is established, and "" is pushed by the head-end.

5. Execute the ping command in step 2, and the request that goes out on

wire would be This is the expected behavior

6. Disconnect the tunnel

7. Execute the ping command in step 2. The request that goes on the wire

would be This is not the expected behavior. It should


How to verify if you are running into this problem?

If you go to Network Connections > Adapter Properties > Internet Protocol

(TCP/IP) > Properties > Advanced button > DNS tab. This property page

gives more information about the DNS suffix used. You can view the properties

before tunnel establishment, and after the tunnel establishment, and then

at disconnect to see the bug.

You can also see the tunnel suffix used by using the "ipconfig -all" command.

New Member

Re: Problems with VPN client 4.0 for Windows and DNS

Thanks let's hope for a quick fix to this problem. The GUI to the new client is a big improvement to the old one.

New Member

Re: Problems with VPN client 4.0 for Windows and DNS

VPN Client v4.0.1 has just been posted and lists the DNS suffix issue, CSCea93394, under: Caveats Resolved in Release 4.0.1


This widget could not be displayed.