05-28-2012 05:25 AM - edited 02-21-2020 06:05 PM
hi ,
we have users that connect to internal server via a vpn remote acces configured on ASA ,
when they use ip address they can connect successfully to the servers but when they use the name they can't connect .
i have test the connexion between tthe vpn pool and the serves it's ok .and wehen i made a ping -a on a internal servers from a pc connected by vpn the pc find the name of the servers but when i made nslookup it shows me the ip adress of the interanl dns and request time-out .
please help me to solve this issue .
05-28-2012 05:28 AM
do you try to connect just by name or with its fully qualified name (fqdn)? can you try with fqdn and see if it works?
also if it works, you can add the "default-domain" configuration under group-policy.
05-28-2012 05:34 AM
thanks for you response ,
i want to tell you that not all users have this problem ,
there are users that can connect by name from 3g from one provider but there are others users that use other 3g provider ,sometimes they wok fine somestimes they not work
05-28-2012 05:49 AM
Hmm, that sounds very random, and I assume that if they are connected to LAN/wired/wireless, there is no issue, right?
Do you know if those users that use the 3g provider that does not resolve internal dns happens to be the same 3g provider? Just trying to see if it is something on the 3g that might be blocking it.
05-28-2012 06:02 AM
no it's from different provider .
i have make the default domain but i still receive the request time out
05-28-2012 06:08 AM
Did you try to disconnect from the vpn client after the default-domain has been added, and reconnect again before testing it?
05-28-2012 07:37 AM
05-28-2012 08:47 PM
If you try to resolve the full name instead of just the server name, does it work?
05-29-2012 01:02 AM
it does not work ,
how ca i debug and see if the traffic arrive to the asa from the 3g connexion
05-29-2012 04:39 AM
If it works from some 3g and not from other 3g, I don't think it's issue with the ASA nor the VPN Client. It sounds more like a 3g connection somehow causing the issue.
BTW, I assume that you can ping your DNS server from the VPN Client?
To check if traffic arrive, check the output of "show cry ipsec sa" and see the encrypts and decrypts counters
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide