Cisco Support Community
Community Member

SA 540 IPSec VPN with Shrew Client DNS not working

I configured my SA 540 for IPSec VPN along with Shrew VPN Client according to instructions from the Cisco website. Everything connects properly, but I am not able to browse PCs or servers by either NetBIOS or DNS name on the remote network. It looks like DNS server settings are not passed through the VPN connection even though I put the correct IP address of my remote DNS server in the Shrew client settings. Am I missing something?

Community Member

Re: SA 540 IPSec VPN with Shrew Client DNS not working

Hi Adam,

Can you please confirm what software version of SA500 you have on the device?

We have simulated the setup locally with the topology and configuration steps and are able to ping using DNS name. Please find our observations below:



Lan host   +--- [L] SA500 [W] ------------- Shrew Soft VPN client
DNS Server +

SA520W configuration:

  • Add VPN client configuration from VPN Wizard (VPN > IPSec > VPN Wizard)
  • On IKE Policies page, select XAUTH Configuration - Edge Device and Authentication Type - User Database.
  • On VPN Policies page, enable Mode Config
  • On Dynamic IP Range page, configure client IP range and DNS Server as LAN side DNS server.
  • Create an IPSec user
  • Disable and Enable VPN Policy.

Shrew Soft VPN Client (v2.1.7):

  • Disable Split tunnel
  • Authentication Method - Mutual PSK + XAuth
  • Policy tab, select 'Maintain Persistent Security Association' and Add to include remote network resource (LAN address of SA500)


