ASA 55xx no Internet Access when VPN from inside the LAN, DNS issue

Hello,

Couldn't locate similar posts in support forum so creating new discussion...

ASA 5510 SSL VPN with AnyConnect - all seems to be good with only one issue:

- clients can't browse Internet when VPN connected from within the Office LAN itself.

So clients connect from LAN to the same LAN via VPN. Let's say for testing purposes.

LAN access goes via the tunnel then and does it good.

Internet access - no go. No DNS resolution for domains other than mentioned in split-dns as:

- Internet host resolving is directed not to be tunneled;

- So DNS server from the LAN interface is chosen for resolving and sent DNS query to;

- As this DNS server resides on the LAN the DNS query should be tunneled, right?

- ... what happens next?

DNS server can ping the VPN connected client and client can ping back to DNS server so sending-answering a DNS query shouldn't be an issue?

VPN connected client can ping Internet hosts.

What might be the problem here? NAT? Firewalling? I can't see any trace of DNS queries in the ASA monitoring (Realtime Log Viewer)...

Thanks in advance for all the answers,

Yev

1 REPLY
ASA 55xx no Internet Access when VPN from inside the LAN, DNS is

Hi,

Why are you using VPN Client in your internal network? What's the idea behind that?

Without seeing actual configurations I am not sure I understand the whole setup.

- Jouni
