07-04-2013 08:58 AM
I can successfully connect to my office Cisco AnyConnect VPN but I have some trouble accessing the office network because I can't resolve some private domain names.
The private domains I have problems resolving are like "example.bcgov". I think the problem is that I don't get an "X-CSTP-Split-DNS: bcgov" header from the VPN gateway, so my client uses my ISP DNS server to resolve these domains (which is wrong).
Here is the output of running "openconnect -s env -v vpn2.gov.bc.ca": http://nottheoilrig.com/networkmanager/201306210/stdout
Is there anything special I need to do to request the "X-CSTP-Split-DNS" headers from the VPN gateway? Can I do anything to confirm that these headers are entirely missing from the gateway's responses? And how should I reconfigure the gateway so it sends these headers?
Thanks!
07-04-2013 09:40 AM
Jack,
Two possibilities:
http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/s8.html#wp1560462
or
http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/s8.html#wp1597902
Either should fix this particular aspect.
M.
07-04-2013 04:25 PM
Thank you very much Marcin, I shared these details with the VPN administrator.
07-05-2013 10:41 AM
Thanks again for these details Marcin, I shared them with the VPN administrator. He says that the VPN gateway does normally append the "bcgov" suffix to the VPN DNS configuration, but I am still not seeing "bcgov" or X-CSTP-Split-DNS headers anywhere in the responses from the gateway:
http://nottheoilrig.com/networkmanager/201306210/stdout
Is it possible that the "bcgov" domain or X-CSTP-Split-DNS headers are sent only in some responses from the gateway and not others? (Could the gateway be configured with the "bcgov" domain but there is something about my communication with the gateway causing the domain to be omitted from these responses?)
Is there some auxiliary way that the gateway might be configured to append the "bcgov" suffix to the VPN DNS configuration? (Such that I am not seeing it in the responses from the gateway?) Thanks!
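One way to check a saved `openconnect -s env -v` log for the DNS settings discussed in this thread, as an added example that is not part of any post above. The sample log is constructed, the function names are hypothetical, and the line layout and the suffix-matching rule are assumptions.

```python
import re

# Constructed sample of `openconnect -s env -v` output; addresses and domains
# other than "bcgov" are invented, and the line layout is an assumption.
SAMPLE = """\
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
X-CSTP-Address: 192.0.2.10
X-CSTP-DNS: 192.0.2.53
X-CSTP-Default-Domain: example.test
X-CSTP-Split-DNS: bcgov
CSTP connected. DPD 30, Keepalive 20
INTERNAL_IP4_DNS=192.0.2.53
CISCO_DEF_DOMAIN=example.test
CISCO_SPLIT_DNS=bcgov
"""

# Gateway headers and the variables openconnect exports to the vpnc-script
# (visible in the log because "-s env" replaces the script with `env`).
FIELDS = {
    "x-cstp-dns": "servers", "internal_ip4_dns": "servers",
    "x-cstp-default-domain": "default_domain", "cisco_def_domain": "default_domain",
    "x-cstp-split-dns": "split_dns", "cisco_split_dns": "split_dns",
}
LINE = re.compile(r"^([A-Za-z0-9_-]+)\s*[:=]\s*(.*)$")

def dns_settings(log_text):
    """Collect every DNS-related value seen in the headers or the env dump."""
    found = {"servers": set(), "default_domain": set(), "split_dns": set()}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(1).lower() in FIELDS:
            values = re.split(r"[,\s]+", m.group(2).strip().lower())
            found[FIELDS[m.group(1).lower()]].update(v for v in values if v)
    return found

def matching_split_domain(name, settings):
    """Return the pushed split-DNS domain that covers `name`, or None.
    Assumed rule: the name equals the domain or ends with '.' + domain."""
    name = name.lower().rstrip(".")
    for domain in sorted(settings["split_dns"], key=len, reverse=True):
        d = domain.strip(".")
        if name == d or name.endswith("." + d):
            return d
    return None

if __name__ == "__main__":
    print(dns_settings(SAMPLE))
    print(matching_split_domain("example.bcgov", dns_settings(SAMPLE)))
```

An empty `split_dns` set for a real log means neither the header nor the exported variable appeared in that capture, which is the symptom described in the question.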