Re: ASA VPN Client Cannot Resolve DNS - Page 2

joe.ho · ‎10-07-2010

I am running ASA5510 IOS 8.2(1). The VPN client are getting correct DNS when I check with config /all. However in the command prompt nslookup it is using the ISP DNS server. We see this intermittent issue happening only on the Windows7 machine. The VPN client we tried are 5.0.07.0290 (64bit) and 5.0.07.0410 (32bit). Does any one encounter the same issue? Any idea how to resolve this?

Namit Agarwal · ‎10-09-2010

Hi Joe,

Apologies for that. The WWAN Card being not supported is a known issue. As the Release notes mention that "The VPN Client on Windows 7 does not support WWAN devices (also called wireless data cards)."

The Bell Stick you are using a 3G Mobile Connection so it falls under this category. So anybody using this type of connection should face issues. The reason why this does not work is

Windows 7 introduced a new adapter type called WWAN
The traffic accepted by the NIC is controlled by an NDIS Miniport Driver.
The new WWAN connection bypasses NDIS IM drivers (Network Driver Interface Specification Intermediate driver), so our VPN Client NDIS IM driver fails to receive packets that go in and out WWAN devices.
Thereby no traffic flows across the tunnel even though the VPN Client connects ( IP based or DNS based ).

But in case we use the 3G Connection as a USB Stick or set it up as a Dial Up Connection it works.

Most cellular devices that are based on Qualcomm technology (all of them) will install a virtual serial driver and a modem driver so that AT commands can be used to control the cellular device.
The above case it works because we are forcing this interface to make the connection using the same technology that dial-analog modem use for connecting.
It bypassesthe limitation with NDIS drivers where the WWAN connection is a NIC and the VPN Client is not able to recognize as explained earlier.

Thanks,

Namit

joe.ho · ‎10-09-2010

Hi Namit,

Thanks for the long explanation.

Joe

Andreas Rosengart · ‎12-14-2010

hi @ all.

i hope you guys can help me solving this problem

today i tried connection a 5.0.07.0290 client on a 64bit win 7 to the vpn. Everything worked fine but the DNS does not work. like everyone else said before.

we use a USB GSM modem for remote access. the same stick works on win 7 notebooks with 5.0.07.0410 and DNS works also. its no konfiguration issue on the asa becaus everything works fine.

DNS servers are filled on the client and if i do a nslookup on thte server the nslookups works. if i do not specify the dns on the nslookup it takes the ISPs DNS.

So what can i do on here?

thanks for your time

mulatif · ‎12-16-2010

Hi Joe,

This probably seems like an issue with the binding order of the Adapter in

which DNS requests are going to be sent out.

This binding order can be changed as below. Can you change and test ?

(Please test on a PC, which shows the issue consistently or atleast more frequently than others)

Windows7\Vista

1. Go to start

2. Type "view network connections" in search and click on that selection

3. Press "ALT" to get to the advanced Menu. Then > Advanced> Advanced connections

4. Click on Adapters and Bindings Tab

Move the "Local Area Connection" that corresponds to VPN Adapter to

the Top of the List.

Thanks,

Naman