Altho' generally using no-split-tunnelled RA vpn setups there are some instances where it is necessary. Some staff work extensively on a customer site and need access to our resources as well as those of the site.
It seems to me that the big sticking point in all this is DNS. If you assign a DNS svr via the group-policy then you have the same problem you would if you did not assign one and left it with the remote site's DHCP assigned svr.
For the no to IT literate it is very difficult to explain how to connect their Excahnge svr or file share while still being able to access local file shares and printers.
Anyone know of a way to overcome this problem? (Or if I have not explained it properly)
Fixed my own problem .. comes down to DNS suffixes.
group-policy POLICY-01 attributes
dns-server value x.x.x.x !# the DNS of home - i.e. to whom the vpn clients are connecting to
default-domain value local.site.suffix !# customer site which RA have access to via split-tunnel
split-dns value home.company.suffix
As the site DNS is configured when a DHCP address is granted the configuration of the remote DNS just adds one. Then using first one and if necessary the other by virtue of the suffix it seems to fix all those user quirks like drive mappings and print servers etc with just the win friendly hostnames (not FQDN)
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :