Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

DNS Remote access VPN


Altho' generally using no-split-tunnelled RA vpn setups there are some instances where it is necessary. Some staff work extensively on a customer site and need access to our resources as well as those of the site.

It seems to me that the big sticking point in all this is DNS. If you assign a DNS svr via the group-policy then you have the same problem you would if you did not assign one and left it with the remote site's DHCP assigned svr.

For the no to IT literate it is very difficult to explain how to connect their Excahnge svr or file share while still being able to access local file shares and printers.

Anyone know of a way to overcome this problem? (Or if I have not explained it properly)

Any help much appreciated,



Re: DNS Remote access VPN

One way is to use SSLVPN (Cisco is headed that way anyway) and create a portal for your servers. TS & Citrix will work best.

Hope that helps.

New Member

Re: DNS Remote access VPN

Hi Colin .. afraid it doesn't. SSL vpns require expensive licensing I believe (pls correct me if I'm wrong) and my Co. is a scrooge at the moment.

We have a TS but if all the required users jump on it at the same time it will die.

Re: Citrix see comments on $$ for SSL VPN

Thanks anyway.



New Member

Re: DNS Remote access VPN

Fixed my own problem .. comes down to DNS suffixes.

group-policy POLICY-01 attributes


dns-server value x.x.x.x !# the DNS of home - i.e. to whom the vpn clients are connecting to


split-tunnel-policy tunnelspecified


default-domain value !# customer site which RA have access to via split-tunnel

split-dns value


As the site DNS is configured when a DHCP address is granted the configuration of the remote DNS just adds one. Then using first one and if necessary the other by virtue of the suffix it seems to fix all those user quirks like drive mappings and print servers etc with just the win friendly hostnames (not FQDN)

Does the trick at any rate.

Hope this is useful to someone else


CreatePlease to create content