We have an ASA5550 (ver. 8.0.4). We set up split tunneling. The remote users were NOT able to access the intranet web server using the Cisco VPN client. However, they were able to access other internal resources. We were able to ping the IP address of the intranet web server, but we were NOT able to ping by name. Do you have any suggestions?
Yes, what's your internal DNS server? Do you have ANY assigned to the VPN Client via the group policy? When connected, go ahead and type "nslookup" in CMD on the remote user's machine. Is the DNS server showing there the correct one? If not, then check your ASA settings.
We have the Corporate office's DNS server set up in the Group Policy. The Remote office has its own DNS server. If I type "nslookup", which DNS server is supposed to show? The Corporate office or the Remote office?
By the way, the Remote computer is using the DHCP with the private IP address (10.x.x.xxx). But, the DNS server is the public IP address.
The VPN connection should use the DNS that is assigned via the VPN adapter, but I think you might need to enable split DNS to make sure that only the traffic that matches a specific internal domain is tunneled.
Typically the split DNS entry will contain the DNS names that are located at your corporate office. However, if you have many remote offices, each with different domains, and all of these offices need to be reached via the VPN client, you might want to consider a different approach if this is not scalable for you.
Thanks for your prompt response. Sorry for posting the question twice. Do you have any other suggestions since it is not possible to put that many domains in Split DNS entry? How about setting up different Group policies?
Thanks for your response and information. The VPN adapter shows the Corporate office's DNS server. When I typed NSLOOKUP, the Remote computer also showed the Corporate office's DNS server. So, does it mean the DNS is set up correctly on the ASA?
We have about 100 Remote offices, do we need to put in 100 DNS servers for Split-DNS? The Remote offices are using Cisco VPN client to connect to us.
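The split-tunnel plus split-DNS group policy discussed in this thread, as an added sketch that is not taken from any poster's configuration. The policy name, ACL name, domain and addresses are placeholders (documentation ranges), so substitute your own values.

```text
! Added example: placeholder names and addresses, not from the thread.
! Networks that should be sent through the tunnel. The internal DNS
! server must fall inside this list, otherwise queries to it leave
! through the client's local interface instead of the VPN.
access-list SPLIT_TUNNEL_ACL standard permit 198.51.100.0 255.255.255.0

group-policy REMOTE_VPN_GP attributes
 ! Internal (corporate) DNS server pushed to the VPN adapter
 dns-server value 198.51.100.10
 ! Tunnel only the networks in the ACL above
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL
 ! Suffix appended to short names such as "intranet"
 default-domain value corp.example.com
 ! Only names in these domains are resolved via the tunneled DNS
 ! server; everything else keeps using the client's local DNS
 split-dns value corp.example.com

! Check from a connected client (CMD):
!   nslookup intranet.corp.example.com
! The "Server:" line should show 198.51.100.10 and the query should
! return the intranet server's internal address.
```

`split-dns value` takes a space-separated list of domain names, not DNS server addresses, so what has to be listed is the set of internal domains the clients must resolve rather than one entry per remote office.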