Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

enable to connect to internal server by name with vpn remote access

hi ,

we have  users that connect to internal server via a  vpn remote acces configured on  ASA  ,

when they use ip address they can connect successfully to the servers but  when they use the name they can't connect .

i have test the connexion between tthe vpn pool and the serves it's ok .and wehen i made a ping -a on a internal servers from a pc connected by vpn the pc find the name of the servers but when i made nslookup it shows me  the ip adress of the interanl dns and request time-out .

please help me to solve this issue .

9 REPLIES
Cisco Employee

enable to connect to internal server by name with vpn remote acc

do you try to connect just by name or with its fully qualified name (fqdn)? can you try with fqdn and see if it works?

also if it works, you can add the "default-domain" configuration under group-policy.

New Member

enable to connect to internal server by name with vpn remote acc

thanks for you response ,

i want to tell you that not all users have this problem ,

there are users that can connect by name  from 3g from one provider but there are others users that use other 3g provider ,sometimes they wok fine somestimes they not work

Cisco Employee

enable to connect to internal server by name with vpn remote acc

Hmm, that sounds very random, and I assume that if they are connected to LAN/wired/wireless, there is no issue, right?

Do you know if those users that use the 3g provider that does not resolve internal dns happens to be the same 3g provider? Just trying to see if it is something on the 3g that might be blocking it.

New Member

enable to connect to internal server by name with vpn remote acc

no it's from different provider .

i have make the default domain but i still receive the request time out

Cisco Employee

Re: enable to connect to internal server by name with vpn remote

Did you try to disconnect from the vpn client after the default-domain has been added, and reconnect again before testing it?

New Member

Re: enable to connect to internal server by name with vpn remote

yes i have disconnected from the vpn after i added the default-domain commande

i have attached the cnfiguration ,you can  check it i tell me what is wrong on it .

Cisco Employee

Re: enable to connect to internal server by name with vpn remote

If you try to resolve the full name instead of just the server name, does it work?

New Member

Re: enable to connect to internal server by name with vpn remote

it does not work ,

how ca i debug and see if the traffic arrive to the asa from  the 3g connexion

Cisco Employee

Re: enable to connect to internal server by name with vpn remote

If it works from some 3g and not from other 3g, I don't think it's issue with the ASA nor the VPN Client. It sounds more like a 3g connection somehow causing the issue.

BTW, I assume that you can ping your DNS server from the VPN Client?

To check if traffic arrive, check the output of "show cry ipsec sa" and see the encrypts and decrypts counters

460
Views
0
Helpful
9
Replies
CreatePlease to create content