12-19-2009 05:27 AM - edited 02-21-2020 04:25 PM
Hi,
My corporate laptop, Windows 7 64-bit, is connected to the head office using AnyConnect 2.4.0202 to a Cisco ASA 8.0(4).
Once connected I've been unable to query all non-A-type records. And because Active Directory heavily relies on SRV records for Kerberos and LDAP, you probably understand I have big issues. Example: Outlook won't connect, file sharing won't trust my integrated security token and policies from AD are not applied.
I did some Wireshark capturing and found out that, most likely, the AnyConnect software is responding to DNS requests with "No such name" responses to my queries. Only A records seem to succeed. Whatever corporate DNS server I try to use when resolving, they all (even including non-existing servers!!) respond with "No such name", within 0,0001 seconds on a link with 10ms latency. This makes me think there is a problem with AnyConnect.
I have several colleagues using Windows 7 32-bit with no problem.
Does any of the above sound familiar and is there a known solution to this?
Regards,
Erik Tamminga
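The timing argument in the post above (a "No such name" reply arriving far faster than the link latency allows) can be checked mechanically against a capture. This is an added example, not part of the original thread: the packet bytes, the names under corp.example and the helper names are constructed for illustration, and the 10 ms floor is the latency quoted in the post.

```python
import struct

QTYPES = {1: "A", 33: "SRV"}
NXDOMAIN = 3  # RCODE that capture tools display as "No such name"

def build_msg(txid, name, qtype, response=False, rcode=0):
    """Build a minimal DNS message (header + one question) in wire format."""
    flags = (0x8180 | rcode) if response else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_msg(data):
    """Return (txid, is_response, rcode, qname, qtype) for a DNS message."""
    txid, flags = struct.unpack("!HH", data[:4])
    pos, labels = 12, []
    while data[pos]:  # question name is sent uncompressed, right after the header
        n = data[pos]
        labels.append(data[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    qtype = struct.unpack("!H", data[pos + 1:pos + 3])[0]
    return txid, bool(flags & 0x8000), flags & 0xF, ".".join(labels), qtype

def suspicious_answers(packets, min_rtt):
    """Flag NXDOMAIN replies that arrive sooner than the link could deliver them."""
    pending, hits = {}, []
    for ts, raw in packets:
        txid, is_resp, rcode, qname, qtype = parse_msg(raw)
        key = (txid, qname.lower(), qtype)
        if not is_resp:
            pending[key] = ts
        elif key in pending:
            rtt = ts - pending.pop(key)
            if rcode == NXDOMAIN and rtt < min_rtt:
                hits.append((qname, QTYPES.get(qtype, str(qtype)), rtt))
    return hits

# Constructed capture: (timestamp in seconds, raw DNS payload)
CAPTURE = [
    (0.0000, build_msg(0x1A2B, "dc01.corp.example", 1)),
    (0.0112, build_msg(0x1A2B, "dc01.corp.example", 1, response=True)),
    (1.0000, build_msg(0x1A2C, "_ldap._tcp.corp.example", 33)),
    (1.0001, build_msg(0x1A2C, "_ldap._tcp.corp.example", 33, response=True, rcode=3)),
    (2.0000, build_msg(0x1A2D, "_kerberos._tcp.corp.example", 33)),
    (2.0110, build_msg(0x1A2D, "_kerberos._tcp.corp.example", 33, response=True, rcode=3)),
]

if __name__ == "__main__":
    for qname, qtype, rtt in suspicious_answers(CAPTURE, min_rtt=0.010):
        print(f"{qtype} {qname}: NXDOMAIN after {rtt * 1000:.2f} ms, below link RTT")
```

Only the sub-latency NXDOMAIN is reported; the slower NXDOMAIN for the second SRV name is consistent with a real server answer and is left alone.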
12-28-2009 04:25 PM
I am having the exact same issue. Does this go away if you turn off split tunneling?
12-29-2009 10:37 AM
I have not been able to test this. Have you? The firewall is not under my control.
12-29-2009 03:24 PM
Removing split tunneling did not help. I reverted to version 2.3.2016 for the AnyConnect client and it works perfectly. Must be a bug in 2.4.
12-29-2009 05:01 PM
I am also having the same issue and have also put in a Cisco TAC case on the issue. Will keep you posted with what TAC says.
12-30-2009 11:03 AM
Erik,
Do you mind sending me the data you have so I can forward it to Cisco TAC? Or email me and I will shoot you over the TAC case number.
Tuska
04-09-2010 11:31 AM
Did anyone ever find the solution to this issue? I am having a similar problem but with a secondary DNS name inside the organization.
Thanks.
12-29-2010 12:33 PM
I am having a similar problem but only on my company Cisco wireless network. Everything works fine on wired connections, my wireless at home and my Sprint air card.
I am using an ASA 5510. I have split tunneling and split DNS set up. The VPN works perfectly on the Cisco wireless with Windows XP and Windows 7 32-bit. I can access both internal and external sites by name.
On Windows 7 64-bit I can only access internal sites by name. I can resolve names in my default VPN domain but not in other domains.
When on the VPN, it looks like the DNS request is getting padded with the default suffix, so
www.google.com becomes www.google.com.mydomain.com
I noticed that the wireless network is not serving up a default domain and I'm wondering if this could be the problem. Unfortunately I don't control the wireless so I cannot easily test this theory.