Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Anyconnect SSL-VPN - DNS Lookups (external) doesn't work


I have issues with my SSL AnyConnect VPN setup on my ASA 5512-x. The VPN , split tunneling and NAT exempt is working fine and i can connect to internal hosts.

However, external or internal DNS requests doesn't work on the clients (Windows, Anyconnect). I want full split tunneling, ie DNS requests should not go through the VPN.

The DNS requests works through NSLOOKUP but not in ping and in any browser.

(The config, request more if i've omitted something important).

ASA Version 8.6(1)2


access-list vlan42-splittunneling standard permit

ip local pool vlan42test mask
address-pools value vlan42test
nat (any,any) source static any any destination static VPN-pool-range VPN-pool-range


object network VPN-pool-range




enable Outside
anyconnect image disk0:/anyconnect-win-3.1.04072-k9.pkg 1
anyconnect enable
group-policy vlan42-clientvpn-policy internal
group-policy vlan42-clientvpn-policy attributes
wins-server none
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vlan42-splittunneling
default-domain value doesntmatter.local
split-dns value doesntmatter.local
vlan none
address-pools value vlan42test
vpn-group-policy vlan42-clientvpn-policy
vpn-simultaneous-logins 20
service-type remote-access
tunnel-group vlan42-con-profile type remote-access
tunnel-group vlan42-con-profile general-attributes
authentication-server-group ah
default-group-policy vlan42-clientvpn-policy
tunnel-group vlan42-con-profile webvpn-attributes
group-alias privatecloud42 enable
group-url https://vpn.**.com/privatecloud42 enable

I gladly appreciate your help. Thank you.

CreatePlease to create content